Infection massive et complexe

[Ono]

Bonjour,

 

Tout d'abord bravo pour la suite d'outils ZHP. Bon nombre d'utilitaires de désinfection qui ont rendu bien des services par le passé sont frappés obsolescence (hijackthis, sybot...). Je dois l'être également puisque c'est la première fois que je demande de l'aide (j'ai mis mon amour-propre au congélateur et envoyé mon ego faire un tour jusqu'à désinfection).

 

Et bien voici :

- svchost s'emballe par moments sans que j'ai le temps de remonter le service.

- après le passage de combofix en mode sans échec, impossible d'ouvrir quoique ce soit, ni même d'arrêter un processus.

- des processus sont cachés (v. copie écran) : la somme des % d'occupation temps machine par processus < somme totale tous les utilisateurs.

- les logins dans les macros (fichiers txt iiopus, extension firefox) qui me servaient à la connexion pour la consultation des E-mails ont été tronqués après le "@" de mon adresse.

- les mots de passe de accès mail semblent avoir été modifiés (je n'ai pas insisté avent désinfection).

 

Encore merci pour vos actes solidaires.

 

Ci-dessous le rapport ZHPDiag, puis Combofix probablement inutile) :

 

Rapport de ZHPDiag v1.28.1321 par Nicolas Coolman, Update du 09/08/2011

Run by Patouche at 11/08/2011 10:54:23

Web site : ZHPDiag Outil de diagnostic

 

 

---\\ Web Browser

MSIE: Internet Explorer v9.0.8112.16421 (Defaut)

MFIE: Mozilla Firefox 5.0 v5.0

 

---\\ Windows Product Information

Windows Vista Home Premium Edition, 32-bit Service Pack 2 (Build 6002)

Windows Server License Manager Script : OK

~ Vista, OEM_SLP channel

System Locked Preinstallation (OEM_SLP) : OK

Windows ID Activation : OK

~ Windows Partial Key : X7QB8

Windows License : OK

Windows Automatic Updates : OK

 

---\\ System Information

~ Processor: x86 Family 6 Model 15 Stepping 13, GenuineIntel

~ Operating System: 32 Bits

Boot mode: Normal (Normal boot)

Total RAM: 3070 MB (52% free)

System Restore: Activé (Enable)

System drive C: has 141 GB (38%) free of 365 GB

 

---\\ Logged in mode

~ Computer Name: ORDIPOUNET

~ User Name: Patouche

~ All Users Names: UpdatusUser, Patouche, Administrateur,

~ Unselected Option: O45,O61,O62,O65,O66,O82

Logged in as Administrator

 

---\\ Environnement Variables

~ System Unit : C:\

~ %AppData% : C:\Users\Patouche\AppData\Roaming\

~ %Desktop% : C:\Users\Patouche\Desktop\

~ %Favorites% : C:\Users\Patouche\Favorites\

~ %LocalAppData% : C:\Users\Patouche\AppData\Local\

~ %StartMenu% : C:\Users\Patouche\AppData\Roaming\Microsoft\Windows\Start Menu\

~ %Windir% : C:\Windows\

~ %System% : C:\Windows\system32\

 

---\\ DOS/Devices

C:\ Hard drive, Flash drive, Thumb drive (Free 141 Go of 365 Go)

D:\ Hard drive, Flash drive, Thumb drive (Free 32 Go of 99 Go)

F:\ Hard drive, Flash drive, Thumb drive (Free 2 Go of 2 Go)

G:\ Floppy drive, Flash card reader, USB Key (Not Inserted)

H:\ CD-ROM drive (Not Inserted)

I:\ Floppy drive, Flash card reader, USB Key (Not Inserted)

K:\ Floppy drive, Flash card reader, USB Key (Not Inserted)

 

 

 

---\\ Security Center & Tools Informations

[HKLM\SOFTWARE\Microsoft\Security Center] AntiSpywareOverride: OK

[HKLM\SOFTWARE\Microsoft\Security Center] AntiVirusOverride: OK

[HKLM\SOFTWARE\Microsoft\Security Center] AntiVirusDisableNotify: OK

[HKLM\SOFTWARE\Microsoft\Security Center] FirewallDisableNotify: OK

[HKLM\SOFTWARE\Microsoft\Security Center] FirewallOverride: OK

[HKLM\SOFTWARE\Microsoft\Security Center] UpdatesDisableNotify: OK

[HKLM\SOFTWARE\Microsoft\Security Center] UacDisableNotify: OK

[HKLM\SOFTWARE\Microsoft\Security Center\Svc] AntiSpywareOverride: OK

[HKLM\SOFTWARE\Microsoft\Security Center\Svc] AntiVirusOverride: OK

[HKLM\SOFTWARE\Microsoft\Security Center\Svc] AntiVirusDisableNotify: OK

[HKLM\SOFTWARE\Microsoft\Security Center\Svc] FirewallDisableNotify: OK

[HKLM\SOFTWARE\Microsoft\Security Center\Svc] FirewallOverride: OK

[HKLM\SOFTWARE\Microsoft\Security Center\Svc] UpdatesDisableNotify: OK

[HKLM\SOFTWARE\Microsoft\Security Center\Svc] UacDisableNotify: OK

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer] NoActiveDesktopChanges: OK

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer] NoDesktop: OK

[HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer] NoFolderOptions: OK

[HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer] NoDesktop: OK

[HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer] NoStartMenuSubFolder: OK

[HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer] NoResolveSearch: OK

[HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer] NoClose: OK

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System] NoActiveDesktopChanges: OK

[HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System] DisableTaskMgr: OK

[HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System] DisableRegistryTools: OK

[HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System] NoDispScrSavPage: OK

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system] EnableLUA: Modified

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\NOHIDDEN] CheckedValue: OK

[HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced] Start_ShowSearch: OK

[HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings] WarnOnHTTPSToHTTPRedirect: OK

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL] CheckedValue: OK

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Associations] Application: OK

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon] Shell: OK

[HKLM\SYSTEM\CurrentControlSet\Services] wscsvc : OK

~ Scan Security Center in 00mn 00s

 

 

 

---\\ Recherche particulière de fichiers génériques

[MD5.D07D4C3038F3578FFCE1C0237F2A1253] - (.Microsoft Corporation - Explorateur Windows.) (.07/08/2011 - 07:27:36.) -- C:\Windows\Explorer.exe [2926592]

[MD5.4B555106290BD117334E9A08761C035A] - (....) (.07/08/2011 - 10:45:37.) -- C:\Windows\system32\rundll32.exe [44544]

[MD5.101BA3EA053480BB5D957EF37C06B5ED] - (.Microsoft Corporation - Application de démarrage de Windows.) (.07/08/2011 - 08:33:37.) -- C:\Windows\system32\Wininit.exe [96768]

[MD5.A1236375B74EA63C75657D564890C436] - (.Microsoft Corporation - Extensions Internet pour Win32.) (.07/08/2011 - 11:24:46.) -- C:\Windows\system32\wininet.dll [1126912]

[MD5.898E7C06A350D4A1A64A9EA264D55452] - (.Microsoft Corporation - Application d'ouverture de session Windows.) (.07/08/2011 - 07:28:13.) -- C:\Windows\system32\Winlogon.exe [314368]

[MD5.1F05B78AB91C9075565A9D8A4B880BC4] - (.Microsoft Corporation - ATAPI IDE Miniport Driver.) (.30/01/2011 - 07:32:26.) -- C:\Windows\system32\drivers\atapi.sys [19944]

[MD5.6A4A98CEE84CF9E99564510DDA4BAA47] - (.Microsoft Corporation - Pilote du système de fichiers NT.) (.30/01/2011 - 07:32:49.) -- C:\Windows\system32\drivers\ntfs.sys [1083880]

[MD5.95F5FF73B076576C41740F1A842B9B57] - (....) (.30/01/2011 - 08:34:10.) -- C:\Windows\system32\fr-FR\user32.dll.mui [20480]

~ Scan Generic Processes in 00mn 00s

 

 

 

---\\ Etat des fichiers cachés (Caché/Total)

~ Mes images (My Pictures) : 4/516

~ Mes musiques (My Musics) : 50/2308

~ Mes Videos (My Videos) : 1/142

~ Mes Favoris (My Favorites) : 2/22

~ Mes Documents (My Documents) : 78/11526

~ Mon Bureau (My Desktop) : 616/9847

~ Menu demarrer (Programs) : 6/68

~ Scan Hidden Files in 00mn 12s

 

 

 

---\\ Processus lancés

[MD5.04DB1E60FBFB9A77AF16238A209C2CDD] - (.NVIDIA Corporation - NVIDIA Settings.) -- C:\Program Files\NVIDIA Corporation\Display\nvtray.exe [373864]

[MD5.CCC08DE1286571175A75A56563C37715] - (.Realtek Semiconductor - HD Audio Control Panel.) -- C:\Windows\RtHDVCpl.exe [4706304]

[MD5.895E17BFF96D3114FD19CEC65A0E749E] - (.COMODO - COMODO Internet Security.) -- C:\Program Files\COMODO\COMODO Internet Security\cfp.exe [2554696]

[MD5.E1E2D028E40D58FFF8DC88514E858117] - (.Lexmark International, Inc. - Lexmark 1200 Series Button Manager.) -- C:\Program Files\Lexmark 1200 Series\LXCZbmgr.exe [74672]

[MD5.1727CE551D69F0DF0BF98FA20DD8D92E] - (.cFos Software GmbH - cFosSpeed Window.) -- C:\Program Files\cFosSpeed\cfosspeed.exe [881368]

[MD5.5D0F2626553613B22AF1BF709DD84148] - (.tzuk - Sandboxie Control.) -- C:\Program Files\Sandboxie\SbieCtrl.exe [389120]

[MD5.BF08674925F151BD4537B89A493E3E0C] - (.Microsoft Corporation - Media Center Tray Applet.) -- C:\Windows\ehome\ehtray.exe [125952]

[MD5.BDD713D351F065E20F12865B8CFD956D] - (.MagicISO, Inc. - MagicISO Virtual CD/DVD Manager.) -- C:\Program Files\MagicDisc\MagicDisc.exe [575488]

[MD5.4560FD06FD052712525EB088F58C103C] - (.Lexmark International, Inc. - Lexmark 1200 Series Button Monitor.) -- C:\Program Files\Lexmark 1200 Series\lxczbmon.exe [58288]

[MD5.0F4195B9B348DE5CF9B822F81704B20E] - (.Microsoft Corporation - Media Center Media Status Aggregator Servic.) -- C:\Windows\ehome\ehmsas.exe [37376]

[MD5.DD0CC1613101093AAB0E99C24B207883] - (...) -- C:\Program Files\Hotspot Shield\bin\openvpntray.exe [129352]

[MD5.62BB79160F86CD962F312C68C6239BFD] - (.Microsoft Corporation - Windows Update.) -- C:\Windows\system32\wuauclt.exe [53472]

[MD5.061CBB1058A10C0875D18CAFF835AE97] - (.Microsoft Corporation - Hôte des applications HTML de Microsoft®.) -- C:\Windows\System32\mshta.exe [11776]

[MD5.59161195EA070A0BB8A85B5B99D8F643] - (.Piriform Ltd - CCleaner.) -- C:\Program Files\CCleaner\ccleaner.exe [2585408]

[MD5.6C9CD3ECBA6732661C8BBE37A877A2BD] - (.Mozilla Corporation - Firefox.) -- C:\Program Files\Mozilla Firefox\firefox.exe [924632]

[MD5.6080A176D09435FC8E6E800996656E18] - (.Microsoft Corporation - Console IME.) -- C:\Windows\system32\conime.exe [69120]

[MD5.16B28217497C9F1A70CA0A0D53FA04AC] - (.Nicolas Coolman - Analyseur de rapports sécurité.) -- C:\Program Files\ZebHelpProcess\ZHP2.exe [893440]

[MD5.C354A712DCCA3E4AC3C4B8C6A9BD28A0] - (.Nicolas Coolman - Diagnostic Tool.) -- C:\Program Files\ZHPDiag\ZHPDiag.exe [664064]

[MD5.7C732AFF202DCD06C3D262966D71604C] - (.NVIDIA Corporation - NVIDIA Driver Helper Service, Version 275.3.) -- C:\Windows\system32\nvvsvc.exe [615528]

[MD5.43F37E8F60F3677E84C6AFC70C784AFD] - (.COMODO - COMODO Internet Security.) -- C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe [1793712]

[MD5.862BB4CBC05D80C5B45BE430E5EF872F] - (.Microsoft Corporation - Service de gestion des licences Microsoft.) -- C:\Windows\system32\SLsvc.exe [3408896]

[MD5.3D36332478EF0026439D8AD4471E800C] - (.NVIDIA Corporation - NVIDIA User Experience Driver Component.) -- C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe [839272]

[MD5.11A52CF7B265631DEEB24C6149309EFF] - (.Adobe Systems Incorporated - Adobe Acrobat Update Service.) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe [64952]

[MD5.47ABD3DC72929F42329D397151A9A6FA] - (.cFos Software GmbH - cFosSpeed Service.) -- C:\Program Files\cFosSpeed\spd.exe [390872]

[MD5.27CB54C0346EFD7B0536B0CB610131AE] - (...) -- C:\Program Files\Hotspot Shield\bin\openvpnas.exe [298824]

[MD5.2CFEA9C337B699ACA38487E8A7438F35] - (.AnchorFree Inc. - Pas de description.) -- C:\Program Files\Hotspot Shield\HssWPR\hsssrv.exe [363336]

[MD5.564BAB77CD96CE0E3FD5BBCDDED142DF] - (...) -- C:\Program Files\Hotspot Shield\bin\hsswd.exe [329544]

[MD5.FA88D61278C6B73D50EC441FBD91D1FC] - (.Pas de propriétaire - Printer Communication System.) -- C:\Windows\system32\lxczcoms.exe [537520]

[MD5.D07C9575726797B0E9069E1108A1C483] - (.Microsoft Corporation - SQL Server Windows NT.) -- c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [29178224]

[MD5.D701C5A242C31D018375459E1373FE22] - (.tzuk - Sandboxie Service.) -- C:\Program Files\Sandboxie\SbieSvc.exe [66560]

[MD5.54902536AAD0E9B99BC65F89C0CAF93F] - (.Microsoft Corporation - SQL Server VSS Writer.) -- c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe [89968]

[MD5.B1691AF4A072CB674D600DB16DD7308E] - (.Rocket Division Software - StarWind iSCSI Target (Alcohol Edition).) -- C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe [275968]

[MD5.A2ABC52CD8A5B60262B220A17A92EB31] - (.NVIDIA Corporation - Stereo Vision Control Panel API Server.) -- C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [378472]

[MD5.52B1899DF89DFFFC9C94F2214459C386] - (.TuneUp Software - TuneUp Program Statistics Service.) -- C:\Windows\System32\TUProgSt.exe [603904]

[MD5.5A0C788C5BC5F2C993CB60940ADCF95E] - (.X10 - X10 Module.) -- C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe [20480]

[MD5.AD1870C8E5D6DD340C829E6074BF3C3F] - (.Microsoft Corporation - Service de planification Windows Media Cent.) -- C:\Windows\ehome\ehsched.exe [131072]

[MD5.9BE3744D295A7701EB425332014F0797] - (.Microsoft Corporation - Service de réception Windows Media Center.) -- C:\Windows\ehome\ehRecvr.exe [292352]

[MD5.262D2FBF211A88DCB84249DF0F6EF6E7] - (.NVIDIA Corporation - NVIDIA Settings Update Manager.) -- C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2214504]

[MD5.B41FD804F2A6A86DA95C05632FD98117] - (...) -- C:\Program Files\Hotspot Shield\bin\openvpn.exe [609096]

~ Scan Processes Running in 00mn 00s

 

 

 

---\\ Mozilla Firefox, Plugins,Demarrage,Recherche,Extensions (P2,M0,M1,M2,M3)

C:\Users\Patouche\AppData\Roaming\Mozilla\Firefox\Profiles\pycqkpj7.default\prefs.js

M3 - MFPP: Plugins - [Patouche] -- C:\Users\Patouche\AppData\Roaming\Mozilla\Firefox\Profiles\pycqkpj7.default\searchplugins\aeromp3com.xml

M3 - MFPP: Plugins - [Patouche] -- C:\Users\Patouche\AppData\Roaming\Mozilla\Firefox\Profiles\pycqkpj7.default\searchplugins\beemp3.xml

M3 - MFPP: Plugins - [Patouche] -- C:\Users\Patouche\AppData\Roaming\Mozilla\Firefox\Profiles\pycqkpj7.default\searchplugins\mozilla-add-ons.xml

M3 - MFPP: Plugins - [Patouche] -- C:\Users\Patouche\AppData\Roaming\Mozilla\Firefox\Profiles\pycqkpj7.default\searchplugins\mp3-downloads.xml

M3 - MFPP: Plugins - [Patouche] -- C:\Users\Patouche\AppData\Roaming\Mozilla\Firefox\Profiles\pycqkpj7.default\searchplugins\search-tinysubs.xml

M3 - MFPP: Plugins - [Patouche] -- C:\Program Files\Mozilla FireFox\searchplugins\amazon-france.xml

M3 - MFPP: Plugins - [Patouche] -- C:\Program Files\Mozilla FireFox\searchplugins\bing.xml

M3 - MFPP: Plugins - [Patouche] -- C:\Program Files\Mozilla FireFox\searchplugins\cnrtl-tlfi-fr.xml

M3 - MFPP: Plugins - [Patouche] -- C:\Program Files\Mozilla FireFox\searchplugins\eBay-france.xml

M3 - MFPP: Plugins - [Patouche] -- C:\Program Files\Mozilla FireFox\searchplugins\google.xml

M3 - MFPP: Plugins - [Patouche] -- C:\Program Files\Mozilla FireFox\searchplugins\privatesearch.xml

M3 - MFPP: Plugins - [Patouche] -- C:\Program Files\Mozilla FireFox\searchplugins\wikipedia-fr.xml

M3 - MFPP: Plugins - [Patouche] -- C:\Program Files\Mozilla FireFox\searchplugins\yahoo-france.xml

M2 - MFEP: prefs.js [Patouche - pycqkpj7.default\chmfox@zhuoqiang.me] [] ChmFox v1.2 (.ZHUO Qiang.)

M2 - MFEP: prefs.js [Patouche - pycqkpj7.default\engine@conduit.com] [] Conduit Engine v3.3.3.2 (.Conduit Ltd..)

M2 - MFEP: prefs.js [Patouche - pycqkpj7.default\https-everywhere@eff.org] [] HTTPS-Everywhere v1.0.0 (.Mike Perry & Peter Eckersley.)

M2 - MFEP: prefs.js [Patouche - pycqkpj7.default\max@subfighter.com] [] Flash Video Resources Downloader v1.0.3 (.Max Demian.)

M2 - MFEP: prefs.js [Patouche - pycqkpj7.default\{20a82645-c095-46ed-80e3-08825760534b}] [MicrosoftCG] Microsoft .NET Framework Assistant v1.2.1 (.Microsoft.)

M2 - MFEP: prefs.js [Patouche - pycqkpj7.default\{3eaacb33-878f-44fa-b4cd-6e67cbaf828b}] [] Unofficial Google Translate Firefox extension v1.4 (.Jimmy Ruska.)

M2 - MFEP: prefs.js [Patouche - pycqkpj7.default\{59c81df5-4b7a-477b-912d-4e0fdf64e5f2}] [] ChatZilla v0.9.87 (.The ChatZilla Team.)

M2 - MFEP: prefs.js [Patouche - pycqkpj7.default\{6e098d65-7d2d-46d4-ada0-2f882a29f795}] [] CHM Reader v0.2.3 (.Ling Li.)

M2 - MFEP: prefs.js [Patouche - pycqkpj7.default\{71328583-3CA7-4809-B4BA-570A85818FBB}] [cacheviewer] CacheViewer v0.6.3 (.The Tiny BENKI.)

M2 - MFEP: prefs.js [Patouche - pycqkpj7.default\{81BF1D23-5F17-408D-AC6B-BD6DF7CAF670}] [] iMacros for Firefox v7.3.0.0 (.iMacros Team, iOpus Software GmbH.)

M2 - MFEP: prefs.js [Patouche - pycqkpj7.default\{9815d32d-08c2-42ca-a8c6-43e501a4512f}] [] Tor-Proxy.NET Toolbar v0.3.3 (.Tor-Proxy.NET.)

M2 - MFEP: prefs.js [Patouche - pycqkpj7.default\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}] [WOT] WOT v20110704 (.WOT Services Oy.)

M2 - MFEP: prefs.js [Patouche - pycqkpj7.default\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}] [dwhelper] DownloadHelper v4.9.4 (.Michel Gutierrez.)

M2 - MFEP: prefs.js [Patouche - pycqkpj7.default\{e3868d2c-9a68-4c4a-87f2-4e9d78fd16ee}] [] v (.Avindra+Descriptor+Goolcharan+#avg+LESENUSpageURL></em:homepageURL><em:targetApplication><Description><em:id>{ec8030f7-c20a-464f-9b0e-13a3a9e97384}</em:id><e

P2 - FPN:Firefox Plugin Navigator . (.Microsoft Corporation - np-mswmp.) -- C:\Program Files\Mozilla Firefox\Plugins\np-mswmp.dll

P2 - FPN:Firefox Plugin Navigator . (.Sun Microsystems, Inc. - NPRuntime Script Plug-in Library for Java Deploy.) -- C:\Program Files\Mozilla Firefox\Plugins\npdeployJava1.dll

P2 - FPN:Firefox Plugin Navigator . (.Microsoft Corporation - 1.9.0009.1.) -- C:\Program Files\Mozilla Firefox\Plugins\npLegitCheckPlugin.dll

P2 - FPN:Firefox Plugin Navigator . (.Microsoft Corporation - Office Plugin for Netscape Navigator.) -- C:\Program Files\Mozilla Firefox\Plugins\NPOFFICE.DLL

P2 - FPN:Firefox Plugin Navigator . (.Adobe Systems Inc. - Adobe PDF Plug-In For Firefox and Netscape 10.1.0.) -- C:\Program Files\Mozilla Firefox\Plugins\nppdf32.dll

P2 - FPN:Firefox Plugin Navigator . (.Apple Inc. - The QuickTime Plugin allows you to view a wide variety of multimedia c.) -- C:\Program Files\Mozilla Firefox\Plugins\npqtplugin.dll

P2 - FPN:Firefox Plugin Navigator . (.Apple Inc. - The QuickTime Plugin allows you to view a wide variety of multimedia c.) -- C:\Program Files\Mozilla Firefox\Plugins\npqtplugin2.dll

P2 - FPN:Firefox Plugin Navigator . (.Apple Inc. - The QuickTime Plugin allows you to view a wide variety of multimedia c.) -- C:\Program Files\Mozilla Firefox\Plugins\npqtplugin3.dll

P2 - FPN:Firefox Plugin Navigator . (.Apple Inc. - The QuickTime Plugin allows you to view a wide variety of multimedia c.) -- C:\Program Files\Mozilla Firefox\Plugins\npqtplugin4.dll

P2 - FPN:Firefox Plugin Navigator . (.Apple Inc. - The QuickTime Plugin allows you to view a wide variety of multimedia c.) -- C:\Program Files\Mozilla Firefox\Plugins\npqtplugin5.dll

P2 - FPN:Firefox Plugin Navigator . (.Apple Inc. - The QuickTime Plugin allows you to view a wide variety of multimedia c.) -- C:\Program Files\Mozilla Firefox\Plugins\npqtplugin6.dll

P2 - FPN:Firefox Plugin Navigator . (.Apple Inc. - The QuickTime Plugin allows you to view a wide variety of multimedia c.) -- C:\Program Files\Mozilla Firefox\Plugins\npqtplugin7.dll

P2 - FPN: [HKLM] [@java.com/JavaPlugin] - (.Sun Microsystems, Inc. - Next Generation Java Plug-in 1.6.0_26 for Mozilla browsers.) -- C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll

P2 - FPN: [HKLM] [@Microsoft.com/NpCtrl,version=1.0] - (. Microsoft Corporation - 4.0.60310.0.) -- c:\Program Files\Microsoft Silverlight\4.0.60310.0\npctrl.dll

P2 - FPN: [HKLM] [@microsoft.com/WPF,version=3.5] - (.Microsoft Corporation - Windows Presentation Foundation (WPF) plug-in for Mozilla browsers.) -- c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll

P2 - FPN: [HKLM] [@nvidia.com/3DVision] - (.NVIDIA Corporation - NVIDIA 3D Vision plugin for Mozilla browsers.) -- C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll

P2 - FPN: [HKLM] [@nvidia.com/3DVisionStreaming] - (.NVIDIA Corporation - NVIDIA 3D Vision Streaming plugin for Mozilla browsers.) -- C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll

P2 - FPN: [HKLM] [Adobe Acrobat] - (.Adobe Systems Inc. - Adobe PDF Plug-In For Firefox and Netscape 10.1.0.) -- C:\Program Files\Adobe\Acrobat 10.0\Acrobat\Air\nppdf32.dll

P2 - FPN: [HKLM] [Adobe Reader] - (.Adobe Systems Inc. - Adobe PDF Plug-In For Firefox and Netscape 10.1.0.) -- C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll

~ Scan Firefox Browser in 00mn 00s

 

 

 

---\\ Internet Explorer, Démarrage,Recherche,URLSearchHook, Phishing (R0,R1,R3,R4)

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = MSN : Hotmail, Messenger, Bing, Actualité et Sport

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = Search Microsoft.com

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = Microsoft Corporation

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Microsoft Corporation

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Extensions Off Page = about:noadd-ons

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Security Risk Page = about:securityrisk

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = Bing

R3 - URLSearchHook: Hotspot Shield Toolbar - {c95a4e8e-816d-4655-8c79-d736da1adb6d} . (.Conduit Ltd. - Conduit Toolbar.) (5, 3, 4, 2) -- C:\Program Files\Hotspot_Shield\tbHots.dll

R3 - URLSearchHook: Microsoft Url Search Hook - {CFBFAE00-17A6-11D0-99CB-00C04FD64497} . (.Microsoft Corporation - Navigateur Internet.) (9.00.8112.16421 (WIN7_IE9_RTM.110308-0330)) -- C:\Windows\system32\ieframe.dll

R3 - URLSearchHook: Hotspot Shield Toolbar - {c95a4e8e-816d-4655-8c79-d736da1adb6d} . (.Conduit Ltd. - Conduit Toolbar.) (5, 3, 4, 2) -- C:\Program Files\Hotspot_Shield\tbHots.dll

R4 - HKCU\SOFTWARE\Microsoft\Internet Explorer\PhishingFilter,Enabled = 2

~ Scan IE Browser in 00mn 00s

 

 

 

---\\ Internet Explorer, Proxy Management (R5)

R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 204.73.37.113:80

R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0

R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1

R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1

R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyHttp1.1 = 0

R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll

~ Scan Proxy management in 00mn 00s

 

 

 

---\\ Modification d'une valeur Ini (Changed inifile value, mapped to Registry) (F2)

F2 - REG:system.ini: UserInit=C:\Windows\system32\userinit.exe,

F2 - REG:system.ini: VMApplet=rundll32 shell32,Control_RunDLL "sysdm.cpl"

~ Scan Keys in 00mn 00s

 

 

 

---\\ Redirection du fichier Hosts (O1)

~ Scan Hosts File in 00mn 04s

 

 

 

---\\ Browser Helper Objects de navigateur (O2)

O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} . (.Adobe Systems Incorporated - Adobe PDF Helper for Internet Explorer.) -- C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} . (.Adobe Systems Incorporated - Adobe PDF Helper for Internet Explorer.) -- C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} . (.Safer Networking Limited - SBSD IE Protection.) -- C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} . (.Adobe Systems Incorporated - Adobe PDF Toolbar for Internet Explorer.) -- C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} . (.Google Inc. - GoogleToolbarNotifier.) -- C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll

O2 - BHO: Hotspot Shield Toolbar - {c95a4e8e-816d-4655-8c79-d736da1adb6d} . (.Conduit Ltd. - Conduit Toolbar.) -- C:\Program Files\Hotspot_Shield\tbHots.dll

O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} . (...) -- C:\Program Files\Free Download Manager\iefdm2.dll

O2 - BHO: ZeonIEEventHelper Class - {DA986D7D-CCAF-47B2-84FE-BFA1549BEBF9} . (.Zeon Corporation - ZeonIEFavClient.dll.) -- C:\Program Files\Nuance\PDF Create 5\Bin\ZeonIEFavClient.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} . (.Sun Microsystems, Inc. - Java Platform SE binary.) -- C:\Program Files\Java\jre6\bin\jp2ssv.dll

O2 - BHO: SmartSelect - {F4971EE7-DAA0-4053-9964-665D8EE6A077} . (.Adobe Systems Incorporated - Adobe PDF Toolbar for Internet Explorer.) -- C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll

~ Scan BHO in 00mn 00s

 

 

 

---\\ Internet Explorer Toolbars (O3)

O3 - Toolbar: Nuance PDF - {E3286BF1-E654-42FF-B4A6-5E111731DF6B} . (.Zeon Corporation - ZeonIEFavClient.dll.) -- C:\Program Files\Nuance\PDF Create 5\Bin\ZeonIEFavClient.dll

O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} . (.Adobe Systems Incorporated - Adobe PDF Toolbar for Internet Explorer.) -- C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll

O3 - Toolbar: Hotspot Shield Toolbar - {c95a4e8e-816d-4655-8c79-d736da1adb6d} . (.Conduit Ltd. - Conduit Toolbar.) -- C:\Program Files\Hotspot_Shield\tbHots.dll

~ Scan Toolbar in 00mn 00s

 

 

 

---\\ Applications démarrées par registre & par dossier (O4)

O4 - HKLM\..\Run: [RtHDVCpl] . (.Realtek Semiconductor - HD Audio Control Panel.) -- C:\Windows\RtHDVCpl.exe

O4 - HKLM\..\Run: [COMODO Internet Security] . (.COMODO - COMODO Internet Security.) -- C:\Program Files\COMODO\COMODO Internet Security\cfp.exe

O4 - HKLM\..\Run: [lxczbmgr.exe] . (.Lexmark International, Inc. - Lexmark 1200 Series Button Manager.) -- C:\Program Files\Lexmark 1200 Series\lxczbmgr.exe

O4 - HKLM\..\Run: [cFosSpeed] . (.cFos Software GmbH - cFosSpeed Window.) -- C:\Program Files\cFosSpeed\cFosSpeed.exe

O4 - HKCU\..\Run: [sandboxieControl] . (.tzuk - Sandboxie Control.) -- C:\Program Files\Sandboxie\SbieCtrl.exe

O4 - HKCU\..\Run: [ehTray.exe] . (.Microsoft Corporation - Media Center Tray Applet.) -- C:\Windows\ehome\ehTray.exe

O4 - HKUS\S-1-5-21-2824818794-2576243679-2939498363-1004-2824818794-2576243679-2939498363-1000\..\Run: [sidebar] . (.Microsoft Corporation - Volet Windows.) -- C:\Program Files\Windows Sidebar\Sidebar.exe

O4 - HKUS\S-1-5-21-2824818794-2576243679-2939498363-1004-2824818794-2576243679-2939498363-1000\..\Run: [WindowsWelcomeCenter] oobefldr.dll

~ Scan Application in 00mn 00s

 

 

 

---\\ Autres liens utilisateurs (O4)

O4 - Global Startup: C:\Users\Patouche\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk . (.Microsoft Corporation.) -- C:\Program Files\Internet Explorer\iexplore.exe

O4 - Global Startup: C:\Users\Patouche\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Run XP Repair Pro 4.0.lnk . (.DDX SOFTWARE INC.) -- C:\Program Files\XP Repair Pro 4.0\ControlCenter.exe

O4 - Global Startup: C:\Users\Patouche\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Install Clean Up.lnk . (...) -- C:\Users\Patouche\AppData\Roaming\Microsoft\Installer\{121634B0-2F4B-11D3-ADA3-00C04F52DD52}\Icon386ED4E3.exe

O4 - Global Startup: C:\Users\Patouche\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Mail.lnk . (.Microsoft Corporation.) -- C:\Program Files\Windows Mail\WinMail.exe

O4 - Global Startup: C:\Users\Patouche\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk . (.Microsoft Corporation.) -- C:\Program Files\Windows Media Player\wmplayer.exe

O4 - Global Startup: C:\Users\Patouche\Desktop\Bureau XP(D).lnk . (...) -- D:\Documents and Settings\Pounet\Bureau

O4 - Global Startup: C:\Users\Patouche\Desktop\CyberLink WaveEditor.lnk . (.Cyberlink.) -- C:\Program Files\CyberLink\WaveEditor\WaveEditor.exe

O4 - Global Startup: C:\Users\Patouche\Desktop\Downloads - Raccourci.lnk . (...) -- C:\Downloads

O4 - Global Startup: C:\Users\Patouche\Desktop\IRAssistant.lnk . (...) -- C:\Program Files\IRAssistant\IRAssistant.exe

O4 - Global Startup: C:\Users\Patouche\Desktop\Restart Explorer.bat - Raccourci.lnk . (...) -- C:\Windows\Restart Explorer.bat

O4 - Global Startup: C:\Users\Patouche\Desktop\www - Raccourci.lnk . (...) -- C:\wamp\www

O4 - Global Startup: C:\Users\Patouche\Desktop\µpdater.lnk . (...) -- C:\Users\Patouche\AppData\Roaming\uTorrent\IP filter µpdater.bat

O4 - Global Startup: C:\Users\Patouche\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\ StreamTransport.lnk . (...) -- C:\Program Files\StreamTransport\StreamTransport.exe

O4 - Global Startup: C:\Users\Patouche\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\binload.exe - Raccourci.lnk . (.Binload.) -- C:\Program Files\Binload\binload.exe

O4 - Global Startup: C:\Users\Patouche\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Charon.exe - Raccourci.lnk . (...) -- C:\Users\Patouche\Logiciels vrac\charon\Charon.exe

O4 - Global Startup: C:\Users\Patouche\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\DFD.exe - Raccourci.lnk . (.Key Metric Software, LLC..) -- C:\Program Files\Key Metric Software\Duplicate File Detective 4\DFD.exe

O4 - Global Startup: C:\Users\Patouche\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\DVR-MS 2 MPEG2.lnk . (...) -- C:\Program Files\DVR-MS 2 MPEG2\DVR-MS 2 MPEG2.exe

O4 - Global Startup: C:\Users\Patouche\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\frd.exe - Raccourci.lnk . (.Vity.) -- C:\Users\Patouche\Logiciels vrac\FreeRapid-0.85u1-final\frd.exe

O4 - Global Startup: C:\Users\Patouche\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Free Download Manager.lnk . (.FreeDownloadManager.ORG.) -- C:\Program Files\Free Download Manager\fdm.exe

O4 - Global Startup: C:\Users\Patouche\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\IsoBuster.lnk . (.Smart Projects.) -- C:\Program Files\Smart Projects\IsoBuster\IsoBuster.exe

O4 - Global Startup: C:\Users\Patouche\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk . (.Microsoft Corporation.) -- C:\Program Files\Internet Explorer\iexplore.exe

O4 - Global Startup: C:\Users\Patouche\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\MantraPortable.exe - Raccourci.lnk . (.PortableApps.com.) -- C:\Users\Patouche\Logiciels vrac\MantraPortable\MantraPortable.exe

O4 - Global Startup: C:\Users\Patouche\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\mediacoder.exe - Raccourci.lnk . (.Stanley Huang.) -- C:\Program Files\MediaCoder\mediacoder.exe

O4 - Global Startup: C:\Users\Patouche\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk . (.Mozilla Corporation.) -- C:\Program Files\Mozilla Firefox\firefox.exe

O4 - Global Startup: C:\Users\Patouche\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Mozilla Thunderbird.lnk . (.Mozilla Corporation.) -- C:\Program Files\Mozilla Thunderbird\thunderbird.exe

O4 - Global Startup: C:\Users\Patouche\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\notepad - Raccourci.lnk . (.Microsoft Corporation.) -- C:\Windows\System32\notepad.exe

O4 - Global Startup: C:\Users\Patouche\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\paltalk.exe - Raccourci.lnk . (.AVM Software Inc..) -- C:\Program Files\Paltalk Messenger\paltalk.exe

O4 - Global Startup: C:\Users\Patouche\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\ProxyFirewall.lnk . (.Unique Internet Services.) -- C:\Program Files\ProxyFirewall\ProxyFirewall.exe

O4 - Global Startup: C:\Users\Patouche\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\QuarkXPress.exe - Raccourci.lnk . (.Quark, Inc..) -- C:\Program Files (x86)\Quark\QuarkXPress 9\QuarkXPress.exe

O4 - Global Startup: C:\Users\Patouche\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\QUICKMEDIACONVERTER.lnk . (.Actecom.) -- C:\Program Files\QuickMediaConverter\QMC.exe

O4 - Global Startup: C:\Users\Patouche\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Run XP Repair Pro 4.0.lnk . (.DDX SOFTWARE INC.) -- C:\Program Files\XP Repair Pro 4.0\ControlCenter.exe

O4 - Global Startup: C:\Users\Patouche\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\RVCap.exe - Raccourci.lnk . (.All Alex, Inc..) -- C:\Program Files\Replay Video Capture\RVCap.exe

O4 - Global Startup: C:\Users\Patouche\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Snagit32.exe - Raccourci.lnk . (.TechSmith Corporation.) -- C:\Program Files\TechSmith\Snagit 9\Snagit32.exe

O4 - Global Startup: C:\Users\Patouche\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Start Tor Browser.exe - Raccourci.lnk . (...) -- C:\Users\Patouche\Logiciels vrac\Tor Browser\Start Tor Browser.exe

O4 - Global Startup: C:\Users\Patouche\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\SUPERAntiSpyware Free Edition.lnk . (.SUPERAntiSpyware.com.) -- C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe

O4 - Global Startup: C:\Users\Patouche\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Super_macro.exe - Raccourci.lnk . (...) -- C:\Program Files\Super macro\Super_macro.exe

O4 - Global Startup: C:\Users\Patouche\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\swriter.exe - Raccourci.lnk . (.OpenOffice.org.) -- C:\Program Files\OpenOffice.org 3\program\swriter.exe

O4 - Global Startup: C:\Users\Patouche\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\TMAC.exe - Raccourci.lnk . (.Technitium.) -- C:\Program Files\Technitium\TMACv5.0R3\TMAC.exe

O4 - Global Startup: C:\Users\Patouche\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Total Video Converter.lnk . (...) -- C:\Program Files\Total Video Converter\tvc.exe

O4 - Global Startup: C:\Users\Patouche\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Transmiti.exe - Raccourci.lnk . (.Thomas Arlt.) -- C:\Users\Patouche\Downloads\Transmiti.exe

O4 - Global Startup: C:\Users\Patouche\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\TuneUp Maintenance en 1 clic.lnk . (.TuneUp Software GmbH.) -- C:\Program Files\TuneUp Utilities 2009\OneClick.exe

O4 - Global Startup: C:\Users\Patouche\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\TVO.exe - Raccourci.lnk . (...) -- C:\Users\Patouche\Logiciels vrac\TVO\TVO.exe

O4 - Global Startup: C:\Users\Patouche\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\universalis2011.exe - Raccourci.lnk . (...) -- C:\Program Files\Encyclopaedia Universalis 2011\Encyclopaedia Universalis 2011\universalis2011.exe

O4 - Global Startup: C:\Users\Patouche\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\VLC media player.lnk . (...) -- C:\Program Files\VideoLAN\VLC\vlc.exe

O4 - Global Startup: C:\Users\Patouche\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\WampServer.lnk . (.Aestan Software.) -- C:\wamp\wampmanager.exe

O4 - Global Startup: C:\Users\Patouche\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\µTorrent.lnk . (.BitTorrent, Inc..) -- C:\Program Files\uTorrent\uTorrent.exe

~ Scan Global Startup in 00mn 00s

 

 

 

---\\ Lignes supplémentaires dans le menu contextuel d'Internet Explorer (O8)

O8 - Extra context menu item: Ajouter au fichier PDF existant . (.Zeon Corporation - ZeonIEFavClient.dll.) -- C:\Program Files\Nuance\PDF Create 5\Bin\ZeonIEFavClient.dll

O8 - Extra context menu item: Ajouter le contenu des liens sélectionnés à un fichier PDF existant . (.Zeon Corporation - ZeonIEFavClient.dll.) -- C:\Program Files\Nuance\PDF Create 5\Bin\ZeonIEFavClient.dll

O8 - Extra context menu item: Ajouter le contenu du lien à un fichier PDF existant . (.Zeon Corporation - ZeonIEFavClient.dll.) -- C:\Program Files\Nuance\PDF Create 5\Bin\ZeonIEFavClient.dll

O8 - Extra context menu item: Créer des fichiers PDF à partir des liens sélectionnés . (.Zeon Corporation - ZeonIEFavClient.dll.) -- C:\Program Files\Nuance\PDF Create 5\Bin\ZeonIEFavClient.dll

O8 - Extra context menu item: Créer fichier PDF . (.Zeon Corporation - ZeonIEFavClient.dll.) -- C:\Program Files\Nuance\PDF Create 5\Bin\ZeonIEFavClient.dll

O8 - Extra context menu item: Créer un fichier PDF depuis le contenu du lien . (.Zeon Corporation - ZeonIEFavClient.dll.) -- C:\Program Files\Nuance\PDF Create 5\Bin\ZeonIEFavClient.dll

O8 - Extra context menu item: E&xporter vers Microsoft Excel . (.Microsoft Corporation - Microsoft Office Excel.) -- C:\PROGRA~1\MICROS~2\Office12\EXCEL.exe

O8 - Extra context menu item: Tout télécharger avec Free Download Manager - (.not file.) - file:\\C:\Program Files\Free Download Manager\dlall.htm

O8 - Extra context menu item: Télécharger avec Free Download Manager - (.not file.) - file:\\C:\Program Files\Free Download Manager\dllink.htm

O8 - Extra context menu item: Télécharger la sélection avec Free Download Manager - (.not file.) - file:\\C:\Program Files\Free Download Manager\dlselected.htm

O8 - Extra context menu item: Télécharger la vidéo avec Free Download Manager - (.not file.) - file:\\C:\Program Files\Free Download Manager\dlfvideo.htm

~ Scan IE Menu Contextuel in 00mn 00s

 

 

 

---\\ Boutons situés sur la barre d'outils principale d'Internet Explorer (O9)

O9 - Extra button: &Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} . (.Microsoft Corporation - Microsoft Office OneNote Internet Explorer Add-in.) -- C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra button: &Envoyer à OneNote - {4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} . (.AVM Software Inc. - PaltalkScene.) -- C:\Program Files\Paltalk Messenger\Paltalk.exe

O9 - Extra button: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} . (.AVM Software Inc. - PaltalkScene.) -- C:\Program Files\Paltalk Messenger\Paltalk.exe

~ Scan IE Extra Buttons in 00mn 00s

 

 

 

---\\ Winsock hijacker (Layered Service Provider) (O10)

O10 - WLSP:\000000000001\Winsock LSP File . (.Microsoft Corporation - Network Location Awareness 2.) -- C:\Windows\system32\NLAapi.dll

O10 - WLSP:\000000000002\Winsock LSP File . (.Microsoft Corporation - Fournisseur Shim d'affectation de noms de messagerie.) -- C:\Windows\system32\napinsp.dll

O10 - WLSP:\000000000003\Winsock LSP File . (.Microsoft Corporation - Fournisseur d’espace de noms PNRP.) -- C:\Windows\system32\pnrpnsp.dll

O10 - WLSP:\000000000004\Winsock LSP File . (.Microsoft Corporation - Fournisseur d’espace de noms PNRP.) -- C:\Windows\system32\pnrpnsp.dll

O10 - WLSP:\000000000005\Winsock LSP File . (.Microsoft Corporation - Fournisseur de service Sockets 2.0 de Microsoft Windows.) -- C:\Windows\system32\mswsock.dll

O10 - WLSP:\000000000006\Winsock LSP File . (.Microsoft Corporation - LDAP RnR Provider DLL.) -- C:\Windows\system32\winrnr.dll

~ Scan Winsock in 00mn 00s

 

 

 

---\\ Objets ActiveX (Downloaded Program Files)(O16)

O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} () - http://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab

O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} () - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

~ Scan Objets ActiveX in 00mn 00s

 

 

 

---\\ Modification Domaine/Adresses DNS (O17)

O17 - HKLM\System\CCS\Services\Tcpip\..\{98517776-CBB5-4511-B979-43A90479F5B9}: DhcpNameServer = 109.0.66.10 109.0.66.20

O17 - HKLM\System\CCS\Services\Tcpip\..\{B0640846-9E80-45B2-A6D5-7F8D6BBE1E07}: DhcpNameServer = 10.71.0.1

O17 - HKLM\System\CCS\Services\Tcpip\..\{F9E32B22-CA08-4CE2-A3C9-38C89F6E1EF0}: DhcpNameServer = 109.0.66.10 109.0.66.20

O17 - HKLM\System\CCS\Services\Tcpip\..\{B0640846-9E80-45B2-A6D5-7F8D6BBE1E07}: DhcpDomain = hshld.com

O17 - HKLM\System\CS1\Services\Tcpip\..\{3854B5DC-253B-4105-9612-5BF96795E62B}: DhcpNameServer = 86.64.145.143 84.103.237.143

O17 - HKLM\System\CS2\Services\Tcpip\..\{98517776-CBB5-4511-B979-43A90479F5B9}: DhcpNameServer = 109.0.66.10 109.0.66.20

O17 - HKLM\System\CS2\Services\Tcpip\..\{B0640846-9E80-45B2-A6D5-7F8D6BBE1E07}: DhcpNameServer = 10.71.0.1

O17 - HKLM\System\CS2\Services\Tcpip\..\{F9E32B22-CA08-4CE2-A3C9-38C89F6E1EF0}: DhcpNameServer = 109.0.66.10 109.0.66.20

O17 - HKLM\System\CS2\Services\Tcpip\..\{B0640846-9E80-45B2-A6D5-7F8D6BBE1E07}: DhcpDomain = hshld.com

O17 - HKLM\System\CS3\Services\Tcpip\..\{98517776-CBB5-4511-B979-43A90479F5B9}: DhcpNameServer = 109.0.66.10 109.0.66.20

O17 - HKLM\System\CS3\Services\Tcpip\..\{B0640846-9E80-45B2-A6D5-7F8D6BBE1E07}: DhcpNameServer = 10.71.0.1

O17 - HKLM\System\CS3\Services\Tcpip\..\{F9E32B22-CA08-4CE2-A3C9-38C89F6E1EF0}: DhcpNameServer = 109.0.66.10 109.0.66.20

O17 - HKLM\System\CS3\Services\Tcpip\..\{B0640846-9E80-45B2-A6D5-7F8D6BBE1E07}: DhcpDomain = hshld.com

~ Scan Domain in 00mn 00s

 

 

 

---\\ Protocole additionnel (O18)

O18 - Handler: about - {3050F406-98B5-11CF-BB82-00AA00BDCE0B} . (.Microsoft Corporation - Visionneuse HTML Microsoft ®.) -- C:\Windows\system32\mshtml.dll

O18 - Handler: cdl - {3dd53d40-7b8b-11D0-b013-00aa0059ce02} . (.Microsoft Corporation - Extensions OLE32 pour Win32.) -- C:\Windows\system32\urlmon.dll

O18 - Handler: dvd - {12D51199-0DB5-46FE-A120-47A3D7D937CC} . (.Microsoft Corporation - Contrôle ActiveX pour le flux vidéo.) -- C:\Windows\System32\msvidctl.dll

O18 - Handler: file - {79eac9e7-baf9-11ce-8c82-00aa004ba90b} . (.Microsoft Corporation - Extensions OLE32 pour Win32.) -- C:\Windows\system32\urlmon.dll

O18 - Handler: ftp - {79eac9e3-baf9-11ce-8c82-00aa004ba90b} . (.Microsoft Corporation - Extensions OLE32 pour Win32.) -- C:\Windows\system32\urlmon.dll

O18 - Handler: http - {79eac9e2-baf9-11ce-8c82-00aa004ba90b} . (.Microsoft Corporation - Extensions OLE32 pour Win32.) -- C:\Windows\system32\urlmon.dll

O18 - Handler: https - {79eac9e5-baf9-11ce-8c82-00aa004ba90b} . (.Microsoft Corporation - Extensions OLE32 pour Win32.) -- C:\Windows\system32\urlmon.dll

O18 - Handler: its - {9D148291-B9C8-11D0-A4CC-0000F80149F6} . (.Microsoft Corporation - Microsoft® InfoTech Storage System Library.) -- C:\Windows\System32\itss.dll

O18 - Handler: javascript - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} . (.Microsoft Corporation - Visionneuse HTML Microsoft ®.) -- C:\Windows\system32\mshtml.dll

O18 - Handler: local - {79eac9e7-baf9-11ce-8c82-00aa004ba90b} . (.Microsoft Corporation - Extensions OLE32 pour Win32.) -- C:\Windows\system32\urlmon.dll

O18 - Handler: mailto - {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} . (.Microsoft Corporation - Visionneuse HTML Microsoft ®.) -- C:\Windows\system32\mshtml.dll

O18 - Handler: mhtml - {05300401-BCBC-11d0-85E3-00C04FD85AB4} . (.Microsoft Corporation - Microsoft Internet Messaging API Resources.) -- C:\Windows\system32\inetcomm.dll

O18 - Handler: mk - {79eac9e6-baf9-11ce-8c82-00aa004ba90b} . (.Microsoft Corporation - Extensions OLE32 pour Win32.) -- C:\Windows\system32\urlmon.dll

O18 - Handler: ms-help - {314111c7-a502-11d2-bbca-00c04f8ec294} . (.Microsoft Corporation - Microsoft® Help Data Services Module.) -- C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll

O18 - Handler: ms-its - {9D148291-B9C8-11D0-A4CC-0000F80149F6} . (.Microsoft Corporation - Microsoft® InfoTech Storage System Library.) -- C:\Windows\System32\itss.dll

O18 - Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} . (.Microsoft Corporation - Microsoft® InfoTech Storage System Library.) -- C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll

O18 - Handler: mso-offdap11 - {32505114-5902-49B2-880A-1F7738E5A384} . (.Microsoft Corporation - Microsoft Office Web Components 2003.) -- C:\PROGRA~1\COMMON~1\MICROS~1\WEBCOM~1\11\OWC11.DLL

O18 - Handler: res - {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} . (.Microsoft Corporation - Visionneuse HTML Microsoft ®.) -- C:\Windows\system32\mshtml.dll

O18 - Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} . (.Skype Technologies - Skype for COM API.) -- C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL

O18 - Handler: tv - {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} . (.Microsoft Corporation - Contrôle ActiveX pour le flux vidéo.) -- C:\Windows\System32\msvidctl.dll

O18 - Handler: vbscript - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} . (.Microsoft Corporation - Visionneuse HTML Microsoft ®.) -- C:\Windows\system32\mshtml.dll

O18 - Filter: application/octet-stream - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} . (.Microsoft Corporation - Microsoft .NET Runtime Execution Engine.) -- C:\Windows\system32\mscoree.dll

O18 - Filter: application/x-complus - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} . (.Microsoft Corporation - Microsoft .NET Runtime Execution Engine.) -- C:\Windows\system32\mscoree.dll

O18 - Filter: application/x-msdownload - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} . (.Microsoft Corporation - Microsoft .NET Runtime Execution Engine.) -- C:\Windows\system32\mscoree.dll

O18 - Filter: text/xml - {807553E5-5146-11D5-A672-00B0D022E945} . (.Microsoft Corporation - Microsoft Office XML MIME Filter.) -- C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL

~ Scan Protocole Additionnel in 00mn 00s

 

 

 

---\\ Valeur de Registre AppInit_DLLs et sous-clés Winlogon Notify (autorun) (O20)

O20 - Winlogon Notify: !SASWinLogon . (.SUPERAntiSpyware.com - SUPERAntiSpyware WinLogon Processor.) -- C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

~ Scan Winlogon in 00mn 00s

 

 

 

---\\ Valeur de Registre AppInit_DLLs et sous-clés Winlogon Notify (autorun) (O20)

O20 - AppInit_DLLs: . (.COMODO - COMODO Internet Security.) - C:\Windows\System32\guard32.dll

~ Scan AppInit DLL in 00mn 00s

 

 

 

---\\ Clé de Registre autorun ShellServiceObjectDelayLoad (SSO/SSODL) (O21)

O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} . (.Microsoft Corporation - Contrôleur de site Web.) -- C:\Windows\System32\webcheck.dll

~ Scan SSODL in 00mn 00s

 

 

 

---\\ Clé de Registre autorun SharedTaskScheduler (STS) (O22)

O22 - SharedTaskScheduler: (no name) - {8C7461EF-2B13-11d2-BE35-3078302C2030} . (.Microsoft Corporation - Bibliothèque de l'interface utilisateur du.) -- C:\Windows\system32\browseui.dll

~ Scan STS/SSO in 00mn 00s

 

 

 

---\\ Liste des services NT non Microsoft et non désactivés (O23)

O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) . (.Adobe Systems Incorporated - Adobe Acrobat Update Service.) - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe

O23 - Service: cFosSpeed System Service (cFosSpeedS) . (.cFos Software GmbH - cFosSpeed Service.) - C:\Program Files\cFosSpeed\spd.exe

O23 - Service: COMODO Internet Security Helper Service (cmdAgent) . (.COMODO - COMODO Internet Security.) - C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe

O23 - Service: Google Software Updater (gusvc) . (.Google - gusvc.) - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: Hotspot Shield Service (hshld) . (...) - C:\Program Files\Hotspot Shield\bin\openvpnas.exe

O23 - Service: Hotspot Shield Routing Service (HssSrv) . (.AnchorFree Inc. - Pas de description.) - C:\Program Files\Hotspot Shield\HssWPR\hsssrv.exe

O23 - Service: Hotspot Shield Monitoring Service (HssWd) . (...) - C:\Program Files\Hotspot Shield\bin\hsswd.exe

O23 - Service: lxcz_device (lxcz_device) . (.Pas de propriétaire - Printer Communication System.) - C:\Windows\system32\lxczcoms.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) . (.NVIDIA Corporation - NVIDIA Driver Helper Service, Version 275.3.) - C:\Windows\system32\nvvsvc.exe

O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) . (.NVIDIA Corporation - NVIDIA Settings Update Manager.) - C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe

O23 - Service: Sandboxie Service (SbieSvc) . (.tzuk - Sandboxie Service.) - C:\Program Files\Sandboxie\SbieSvc.exe

O23 - Service: StarWind AE Service (StarWindServiceAE) . (.Rocket Division Software - StarWind iSCSI Target (Alcohol Edition).) - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe

O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) . (.NVIDIA Corporation - Stereo Vision Control Panel API Server.) - C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe

O23 - Service: C:\Windows\System32\TUProgSt.exe (TuneUp.ProgramStatisticsSvc) . (.TuneUp Software - TuneUp Program Statistics Service.) - C:\Windows\System32\TUProgSt.exe

O23 - Service: X10 Device Network Service (x10nets) . (.X10 - X10 Module.) - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe

~ Scan Services in 00mn 00s

 

 

 

---\\ Enumération Active Desktop & MHTML Editor (O24)

O24 - Default MHTML Editor: Last - .(.Microsoft Corporation - Microsoft Office Word.) - C:\Program Files\Microsoft Office\Office12\WINWORD.exe

~ Scan Desktop Component in 00mn 00s

 

 

 

---\\ Tâches planifiées en automatique (O39)

O39 - APT:Automatic Planified Task - C:\Windows\Tasks\Google Software Updater.job

[MD5.5467F1FF0AF264566740F67E8B810735] [APT] [Google Software Updater] (.Google.) -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

[MD5.3A0647BDED81DBE0BCBB51D70B22C9E0] [APT] [Java Update Scheduler] (.Sun Microsystems, Inc..) -- C:\Program Files\Java\jre6\bin\jusched.exe

[MD5.402832B3EEAB32E9AEB809FF7D8C3A8D] [APT] [Maintenance en 1 clic] (.TuneUp Software GmbH.) -- C:\Program Files\TuneUp Utilities 2009\OneClickStarter.exe

[MD5.00000000000000000000000000000000] [APT] [{094B910C-CC8B-4FB2-ABFD-4336C5DFBB9F}] (...) -- C:\Users\Patouche\Logiciels vrac\FreeRapid-0.83u1\frd.exe (.not file.)

[MD5.00000000000000000000000000000000] [APT] [{24E6F6C5-4BD8-4BFA-A1E4-F61FE7DE84B1}] (...) -- C:\Program Files\Cepstral\bin\ceptools.cpl" (.not file.)

[MD5.00000000000000000000000000000000] [APT] [{3EF3CCB3-DD96-4699-B35D-2C5E220C18E7}] (...) -- C:\Users\Patouche\Desktop\Voix\AV Music Morpher Gold Full 4.0.68 + keygen\music_morpher_gold.exe (.not file.)

[MD5.00000000000000000000000000000000] [APT] [{48631814-5C7F-4619-94C0-90BAEAF8CE19}] (...) -- c:\users\Patouche\Documents\Transfert Maxtor 40\Documents Pounet\Bureau\Tof\Install_AACD_v3.exe (.not file.)

[MD5.108FCDE8AC9CF07C55CF19D7302DCCC8] [APT] [{A92A4ABD-EBBA-44EE-8E33-C7796BA785DE}] (...) -- C:\Users\Patouche\Logiciels vrac\VirtualDub 1.9.8\auxsetup.exe

[MD5.00000000000000000000000000000000] [APT] [{BC3EC294-1DD7-4F82-9523-21FF037ACA8B}] (...) -- C:\Users\Patouche\Desktop\Voix\AV Music Morpher Gold Full 4.0.68 + keygen\music_morpher_gold.exe (.not file.)

[MD5.D41D8CD98F00B204E9800998ECF8427E] [APT] [{EDC46986-AB54-4ECF-8516-9A8266253420}] (...) -- C:\Program Files\QuickTime\QTSystem\QuickTime.cpl"

~ Scan Scheduled Task in 00mn 02s

 

 

 

---\\ Pilotes lancés au démarrage (O41)

O41 - Driver: (AFD) . (.Microsoft Corporation - Ancillary Function Driver for WinSock.) - C:\Windows\system32\drivers\afd.sys

O41 - Driver: (cdrom) . (.Microsoft Corporation - SCSI CD-ROM Driver.) - C:\Windows\system32\DRIVERS\cdrom.sys

O41 - Driver: (cmderd) . (.COMODO - COMODO Internet Security Eradication Driver.) - C:\Windows\system32\DRIVERS\cmderd.sys

O41 - Driver: (cmdGuard) . (.COMODO - COMODO Internet Security Sandbox Driver.) - C:\Windows\system32\DRIVERS\cmdguard.sys

O41 - Driver: (cmdHlp) . (.COMODO - COMODO Internet Security Helper Driver.) - C:\Windows\system32\DRIVERS\cmdhlp.sys

O41 - Driver: C:\Windows\system32\drivers\dfsc.sys (DfsC) . (.Microsoft Corporation - DFS Namespace Client Driver.) - C:\Windows\system32\Drivers\dfsc.sys

O41 - Driver: (i8042prt) . (.Microsoft Corporation - Pilote de port i8042.) - C:\Windows\system32\DRIVERS\i8042prt.sys

O41 - Driver: (inspect) . (.COMODO - COMODO Internet Security Firewall Driver.) - C:\Windows\system32\DRIVERS\inspect.sys

O41 - Driver: (kbdclass) . (.Microsoft Corporation - Pilote de la classe Clavier.) - C:\Windows\system32\DRIVERS\kbdclass.sys

O41 - Driver: (kbdhid) . (.Microsoft Corporation - Pilote de filtre clavier HID.) - C:\Windows\system32\DRIVERS\kbdhid.sys

O41 - Driver: (mouclass) . (.Microsoft Corporation - Pilote de la classe Souris.) - C:\Windows\system32\DRIVERS\mouclass.sys

O41 - Driver: (NetBIOS) . (.Microsoft Corporation - NetBIOS interface driver.) - C:\Windows\system32\DRIVERS\netbios.sys

O41 - Driver: (netbt) . (.Microsoft Corporation - MBT Transport driver.) - C:\Windows\system32\DRIVERS\netbt.sys

O41 - Driver: (nsiproxy) . (.Microsoft Corporation - NSI Proxy.) - C:\Windows\system32\drivers\nsiproxy.sys

O41 - Driver: C:\Windows\system32\drivers\pacer.sys (PSched) . (.Microsoft Corporation - Planificateur de paquets QoS.) - C:\Windows\system32\DRIVERS\pacer.sys

O41 - Driver: (RasAcd) . (.Microsoft Corporation - RAS Automatic Connection Driver.) - C:\Windows\system32\DRIVERS\rasacd.sys

O41 - Driver: (rdbss) . (.Microsoft Corporation - Redirected Drive Buffering SubSystem Driver.) - C:\Windows\system32\DRIVERS\rdbss.sys

O41 - Driver: (RDPCDD) . (.Microsoft Corporation - RDP Miniport.) - C:\Windows\system32\DRIVERS\RDPCDD.sys

O41 - Driver: (RDPENCDD) . (.Microsoft Corporation - RDP Miniport.) - C:\Windows\system32\drivers\rdpencdd.sys

O41 - Driver: (SASDIFSV) . (.SUPERAdBlocker.com and SUPERAntiSpyware.com - SASDIFSV.SYS.) - C:\Program Files\SUPERAntiSpyware\SASDIFSV.sys

O41 - Driver: (SASKUTIL) . (.SUPERAdBlocker.com and SUPERAntiSpyware.com - SASKUTIL.SYS.) - C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys

O41 - Driver: (Serial) . (.Microsoft Corporation - Pilote de périphérique série.) - C:\Windows\system32\DRIVERS\serial.sys

O41 - Driver: C:\Windows\system32\tcpipcfg.dll (Smb) . (.Microsoft Corporation - SMB Transport driver.) - C:\Windows\system32\DRIVERS\smb.sys

O41 - Driver: C:\Windows\system32\tcpipcfg.dll (tdx) . (.Microsoft Corporation - TDI Translation Driver.) - C:\Windows\system32\DRIVERS\tdx.sys

O41 - Driver: (TermDD) . (.Microsoft Corporation - Terminal Server Driver.) - C:\Windows\system32\DRIVERS\termdd.sys

O41 - Driver: (VgaSave) . (.Microsoft Corporation - VGA/Super VGA Video Driver.) - C:\Windows\system32\drivers\vga.sys

O41 - Driver: (Wanarpv6) . (.Microsoft Corporation - MS Remote Access and Routing ARP Driver.) - C:\Windows\system32\DRIVERS\wanarp.sys

O41 - Driver: (Inspect) . (.COMODO - COMODO Internet Security Firewall Driver.) - C:\Windows\system32\DRIVERS\inspect.sys

~ Scan Drivers in 00mn 00s

 

 

 

---\\ Logiciels installés (O42)

O42 - Logiciel: CyberLink PowerDirector - (.CyberLink Corp..) [HKLM] -- {CB099890-1D5F-11D5-9EA9-0050BAE317E1}

O42 - Logiciel: CyberLink WaveEditor - (.CyberLink Corp..) [HKLM] -- InstallShield_{324F76CC-D8DD-4D87-B77D-D4AF5E1AA7B3}

O42 - Logiciel: CyberLink WaveEditor - (.CyberLink Corp..) [HKLM] -- {324F76CC-D8DD-4D87-B77D-D4AF5E1AA7B3}

O42 - Logiciel: DVR-MS 2 MPEG2 1.3 - (.*Baby*.) [HKLM] -- {414CB829-7CCC-4426-BB2A-152E482EB081}_is1

O42 - Logiciel: DebugMode Wink - (.Pas de propriétaire.) [HKLM] -- DebugMode Wink

O42 - Logiciel: DivX Pro 6.8.0 VFW - (.Pas de propriétaire.) [HKLM] -- divx650vfw_is1

O42 - Logiciel: Dracula 3 - (.Microids.) [HKLM] -- Dracula 3_is1

O42 - Logiciel: Dungeon Siege 2 - (.Microsoft.) [HKLM] -- DungeonSiege2

O42 - Logiciel: EASEUS Partition Master 8.0.1 Home Edition - (.EASEUS.) [HKLM] -- EASEUS Partition Master Home Edition_is1

O42 - Logiciel: Encyclopaedia Universalis 2011 - (.Encyclopaedia Universalis.) [HKLM] -- Encyclopaedia Universalis 2011

O42 - Logiciel: Free Download Manager 3.0 - (.FreeDownloadManager.ORG.) [HKLM] -- Free Download Manager_is1

O42 - Logiciel: GameSpy Arcade - (.Pas de propriétaire.) [HKLM] -- GameSpy Arcade

O42 - Logiciel: HFSExplorer 0.21 - (.Catacombae Software.) [HKLM] -- HFSExplorer

O42 - Logiciel: Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595) - (.Microsoft Corporation.) [HKLM] -- {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}.KB953595

O42 - Logiciel: Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484) - (.Microsoft Corporation.) [HKLM] -- {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}.KB958484

O42 - Logiciel: Hotspot_Shield Toolbar - (.Pas de propriétaire.) [HKLM] -- Hotspot_Shield Toolbar

O42 - Logiciel: I-Doser v4 - (.Pas de propriétaire.) [HKCU] -- I-Doser v4

O42 - Logiciel: IRAssistant 3.40b1 - (.Pas de propriétaire.) [HKLM] -- IRAssistant

O42 - Logiciel: IsoBuster 2.6 - (.Smart Projects.) [HKLM] -- IsoBuster_is1

O42 - Logiciel: KB408682 - (.Adobe Systems Incorporated.) [HKLM] -- {AC76BA86-7AD7-1036-7B44-A81300000003}_814

O42 - Logiciel: Lexmark 1200 Series - (.Lexmark International, Inc..) [HKLM] -- Lexmark 1200 Series

O42 - Logiciel: LimeWire 5.2.4 - (.Lime Wire, LLC.) [HKLM] -- LimeWire

O42 - Logiciel: MSDN Library pour les éditions Microsoft Visual Studio 2008 Express - (.Microsoft Corporation.) [HKLM] -- MSDN Library for Microsoft Visual Studio 2008 Express Editions

O42 - Logiciel: Magic ISO Maker v5.4 (build 0255) - (.Pas de propriétaire.) [HKLM] -- Magic ISO Maker v5.4 (build 0255)

O42 - Logiciel: MagicDisc 2.7.105 - (.Pas de propriétaire.) [HKLM] -- MagicDisc 2.7.105

O42 - Logiciel: Malwarebytes' Anti-Malware version 1.51.1.1800 - (.Malwarebytes Corporation.) [HKLM] -- Malwarebytes' Anti-Malware_is1

O42 - Logiciel: MediaCoder 2011 - (.Broad Intelligence.) [HKLM] -- MediaCoder

O42 - Logiciel: MeuhMeuhTV Alpha 3.0.0.32 - (.La Communauté de la Vache.) [HKLM] -- MeuhMeuhTV Alpha_is1

O42 - Logiciel: Microsoft .NET Framework 3.5 SP1 - (.Microsoft Corporation.) [HKLM] -- Microsoft .NET Framework 3.5 SP1

O42 - Logiciel: Microsoft .NET Framework 4 Client Profile - (.Microsoft Corporation.) [HKLM] -- Microsoft .NET Framework 4 Client Profile

O42 - Logiciel: Microsoft Office Home and Student 2007 - (.Microsoft Corporation.) [HKLM] -- HOMESTUDENTR

O42 - Logiciel: Microsoft SQL Server 2005 - (.Microsoft Corporation.) [HKLM] -- Microsoft SQL Server 2005

O42 - Logiciel: Microsoft Visual Basic 2008 Express - Français - (.Microsoft Corporation.) [HKLM] -- Microsoft Visual Basic 2008 Express Edition - FRA

O42 - Logiciel: Mises à jour NVIDIA 1.3.5 - (.NVIDIA Corporation.) [HKLM] -- {B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update

O42 - Logiciel: Module linguistique Microsoft .NET Framework 3.5 SP1- fra - (.Microsoft Corporation.) [HKLM] -- Microsoft .NET Framework 3.5 Language Pack SP1 - fra

O42 - Logiciel: Module linguistique Microsoft .NET Framework 4 Client Profile FRA - (.Microsoft Corporation.) [HKLM] -- Microsoft .NET Framework 4 Client Profile FRA Language Pack

O42 - Logiciel: Morpheus Photo Animation Suite v3.10 - (.Morpheus Software, LLC.) [HKLM] -- Morpheus Photo Animation Suite_is1

O42 - Logiciel: Mozilla Firefox 5.0 (x86 fr) - (.Mozilla.) [HKLM] -- Mozilla Firefox 5.0 (x86 fr)

O42 - Logiciel: Mozilla Thunderbird (2.0.0.23) - (.Mozilla.) [HKLM] -- Mozilla Thunderbird (2.0.0.23)

O42 - Logiciel: NVIDIA 3D Vision Controller Driver - (.NVIDIA Corporation.) [HKLM] -- NVIDIA StereoUSB Driver

O42 - Logiciel: NVIDIA 3D Vision Controller Driver 270.61 - (.NVIDIA Corporation.) [HKLM] -- {B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB

O42 - Logiciel: NVIDIA Logiciel système PhysX 9.10.0514 - (.NVIDIA Corporation.) [HKLM] -- {B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX

O42 - Logiciel: NVIDIA Pilote 3D Vision 270.61 - (.NVIDIA Corporation.) [HKLM] -- {B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision

O42 - Logiciel: NVIDIA Pilote audio HD : 1.2.22.1 - (.NVIDIA Corporation.) [HKLM] -- {B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver

O42 - Logiciel: NVIDIA Pilote graphique 275.33 - (.NVIDIA Corporation.) [HKLM] -- {B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver

O42 - Logiciel: NVIDIA Stereoscopic 3D Driver - (.NVIDIA Corporation.) [HKLM] -- NVIDIAStereo

O42 - Logiciel: Natura Sound Therapy - (.Blissive Software.) [HKLM] -- Natura Sound Therapy

O42 - Logiciel: Nero 9 - (.Nero AG.) [HKLM] -- {734cc1bd-77bc-4b44-a028-1dc68def1d95}

O42 - Logiciel: PaltalkScene - (.AVM Software Inc..) [HKLM] -- PalTalk8.2

O42 - Logiciel: Perfect Uninstaller v6.3.3.5 - (.www.PerfectUninstaller.com.) [HKLM] -- Perfect Uninstaller_is1

O42 - Logiciel: Player - (.Pas de propriétaire.) [HKCU] -- QUICKMEDIACONVERTER

O42 - Logiciel: ProxyFirewall 1.0.4 Beta - (.Unique Internet Services.) [HKLM] -- ProxyFirewall_is1

O42 - Logiciel: QuickPar 0.9 - (.Peter B. Clements.) [HKLM] -- QuickPar

O42 - Logiciel: Realtek High Definition Audio Driver - (.Realtek Semiconductor Corp..) [HKLM] -- {F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}

O42 - Logiciel: Reason 4.0 - (.Propellerhead Software AB.) [HKLM] -- Reason4_is1

O42 - Logiciel: Replay Video Capture - (.Applian Technologies Inc..) [HKLM] -- Replay Video Capture4.1

O42 - Logiciel: Sandboxie 3.42 - (.Pas de propriétaire.) [HKLM] -- Sandboxie

O42 - Logiciel: Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473) - (.Microsoft Corporation.) [HKLM] -- {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}.KB2416473

O42 - Logiciel: Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708) - (.Microsoft Corporation.) [HKLM] -- {3C3901C5-3455-3E0A-A214-0B093A5070A6}.KB2446708

O42 - Logiciel: Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663) - (.Microsoft Corporation.) [HKLM] -- {3C3901C5-3455-3E0A-A214-0B093A5070A6}.KB2478663

O42 - Logiciel: Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870) - (.Microsoft Corporation.) [HKLM] -- {3C3901C5-3455-3E0A-A214-0B093A5070A6}.KB2518870

O42 - Logiciel: Security Update for Module linguistique Microsoft .NET Framework 4 Client Profile FRA (KB2478663) - (.Microsoft Corporation.) [HKLM] -- {0F5B4A82-9DAF-3D13-8CB8-AEB25E4A614E}.KB2478663

O42 - Logiciel: Security Update for Module linguistique Microsoft .NET Framework 4 Client Profile FRA (KB2518870) - (.Microsoft Corporation.) [HKLM] -- {0F5B4A82-9DAF-3D13-8CB8-AEB25E4A614E}.KB2518870

O42 - Logiciel: SmartSound Quicktracks 5 - (.SmartSound Software Inc..) [HKLM] -- InstallShield_{2F8BA3FD-1FA9-4279-B696-712ABB12F09F}

O42 - Logiciel: Spybot - Search & Destroy - (.Safer Networking Limited.) [HKLM] -- {B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1

O42 - Logiciel: StreamTransport version: 1.0.2.1975 - (.Pas de propriétaire.) [HKLM] -- {FA0BBB87-91A1-4BFD-9005-EB058BBA0E14}_is1

O42 - Logiciel: SubDownloader2 - (.Pas de propriétaire.) [HKLM] -- SubDownloader2

O42 - Logiciel: Super macro 3.1 - (.Pas de propriétaire.) [HKLM] -- Super macro

O42 - Logiciel: System Requirements Lab - (.Pas de propriétaire.) [HKLM] -- SystemRequirementsLab

O42 - Logiciel: Technitium MAC Address Changer v5.0 Release 3 - (.Technitium.) [HKLM] -- TMACv5.0R3

O42 - Logiciel: Total Recorder 7.0 - (.Pas de propriétaire.) [HKLM] -- TotalRecorder

O42 - Logiciel: Total Video Converter 3.12 080330 - (.EffectMatrix Inc..) [HKLM] -- Total Video Converter 3.12_is1

O42 - Logiciel: Update for Microsoft .NET Framework 3.5 SP1 (KB963707) - (.Microsoft Corporation.) [HKLM] -- {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}.KB963707

O42 - Logiciel: VLC media player 1.1.11 - (.VideoLAN.) [HKLM] -- VLC media player

O42 - Logiciel: WampServer 2.1 - (.Hervé Leclerc (HeL).) [HKLM] -- WampServer 2_is1

O42 - Logiciel: WinRAR archiver - (.Pas de propriétaire.) [HKLM] -- WinRAR archiver

O42 - Logiciel: X10 Hardware - (.Pas de propriétaire.) [HKLM] -- X10Hardware

O42 - Logiciel: Xvid 1.2.2 final uninstall - (.Xvid team (Koepi).) [HKLM] -- Xvid_is1

O42 - Logiciel: Yahoo! Messenger - (.Yahoo! Inc..) [HKLM] -- Yahoo! Messenger

O42 - Logiciel: ZebHelpProcess 2.49 - (.Nicolas Coolman.) [HKLM] -- Zeb Help Process_is1

O42 - Logiciel: cFosSpeed v4.51 - (.cFos Software GmbH, Bonn.) [HKLM] -- cFosSpeed

O42 - Logiciel: µTorrent - (.Pas de propriétaire.) [HKCU] -- uTorrent

 

---\\ HKCU & HKLM Software Keys

[HKCU\Software\AACD]

[HKCU\Software\Actecom]

[HKCU\Software\Adobe]

[HKCU\Software\Alcohol Soft]

[HKCU\Software\Antenet]

[HKCU\Software\AppDataLow\Software\Adobe]

[HKCU\Software\AppDataLow\Software\AskToolbar]

[HKCU\Software\AppDataLow\Software\Conduit]

[HKCU\Software\AppDataLow\Software\Hotspot_Shield]

[HKCU\Software\AppDataLow\Software\Macromedia]

[HKCU\Software\AppDataLow\Software\Microsoft]

[HKCU\Software\AppDataLow\Software\Monitored]

[HKCU\Software\AppDataLow\Software\settings]

[HKCU\Software\AppDataLow\Software]

[HKCU\Software\AppDataLow\Toolbar]

[HKCU\Software\AppDataLow]

[HKCU\Software\Apple Computer, Inc.]

[HKCU\Software\Applian]

[HKCU\Software\AsfTools]

[HKCU\Software\Avnex]

[HKCU\Software\Bert's Software]

[HKCU\Software\Beyersdorf]

[HKCU\Software\BitTorrent]

[HKCU\Software\Borland]

[HKCU\Software\C:]

[HKCU\Software\CDDB]

[HKCU\Software\CamStudioOpenSource for Nick]

[HKCU\Software\Classes]

[HKCU\Software\Clients]

[HKCU\Software\ComodoGroup]

[HKCU\Software\Comodo]

[HKCU\Software\Cyberlink]

[HKCU\Software\Cygwin]

[HKCU\Software\Debugmode]

[HKCU\Software\DirectShow]

[HKCU\Software\DivXNetworks]

[HKCU\Software\EASEUS]

[HKCU\Software\EasyBits]

[HKCU\Software\FLEXnet]

[HKCU\Software\Foxit Software]

[HKCU\Software\FreeDownloadManager.ORG]

[HKCU\Software\Freeware]

[HKCU\Software\GNU]

[HKCU\Software\Gabest]

[HKCU\Software\GameSpy]

[HKCU\Software\Google]

[HKCU\Software\Hensense.com]

[HKCU\Software\HighCriteria]

[HKCU\Software\HotspotShield]

[HKCU\Software\Intel]

[HKCU\Software\Intelore]

[HKCU\Software\JEDI-VCL]

[HKCU\Software\JaboSoft]

[HKCU\Software\JavaSoft]

[HKCU\Software\Jouve]

[HKCU\Software\Key Metric Software]

[HKCU\Software\Lake]

[HKCU\Software\Lavalys]

[HKCU\Software\Lavasoft]

[HKCU\Software\LexmarkPhoto]

[HKCU\Software\Local AppWizard-Generated Applications]

[HKCU\Software\Log Viewer]

[HKCU\Software\Logitech]

[HKCU\Software\Macromedia]

[HKCU\Software\Macrovision]

[HKCU\Software\MagicDisc]

[HKCU\Software\MagicISO]

[HKCU\Software\Magnet]

[HKCU\Software\MainConcept]

[HKCU\Software\Malwarebytes' Anti-Malware]

[HKCU\Software\Microids]

[HKCU\Software\MimarSinan]

[HKCU\Software\Morpheus Software]

[HKCU\Software\Mozilla Backup]

[HKCU\Software\Mozilla]

[HKCU\Software\N64 Emulation]

[HKCU\Software\NVIDIA Corporation]

[HKCU\Software\Nektra]

[HKCU\Software\Nero]

[HKCU\Software\Netscape]

[HKCU\Software\Noromaa Solutions]

[HKCU\Software\Nuance]

[HKCU\Software\ODBC]

[HKCU\Software\OpenOffice.org]

[HKCU\Software\PC SOFT]

[HKCU\Software\Paint.NET]

[HKCU\Software\Paltalk]

[HKCU\Software\Perfect Software]

[HKCU\Software\Perfect Uninstaller]

[HKCU\Software\Piriform]

[HKCU\Software\Policies]

[HKCU\Software\Propellerhead Software]

[HKCU\Software\Quark]

[HKCU\Software\QuickPar]

[HKCU\Software\RayV]

[HKCU\Software\Realtek]

[HKCU\Software\Replay Video Capture]

[HKCU\Software\SUPERAntiSpyware.com]

[HKCU\Software\SWiSHzone.com]

[HKCU\Software\Safer Networking Limited]

[HKCU\Software\ScanSoft]

[HKCU\Software\SecuROM]

[HKCU\Software\SenBit]

[HKCU\Software\Skype]

[HKCU\Software\Smart Projects]

[HKCU\Software\SmartSound Software]

[HKCU\Software\Softonic]

[HKCU\Software\Sony Media Software]

[HKCU\Software\SubDownloader]

[HKCU\Software\SubSystems]

[HKCU\Software\Sysinternals]

[HKCU\Software\TechSmith]

[HKCU\Software\TuneUp]

[HKCU\Software\Ulead Systems]

[HKCU\Software\UniqueInternetServices]

[HKCU\Software\VB and VBA Program Settings]

[HKCU\Software\VirtualDub.org]

[HKCU\Software\WinRAR SFX]

[HKCU\Software\WinRAR]

[HKCU\Software\XPRepairPro4]

[HKCU\Software\Yahoo]

[HKCU\Software\Zeon]

[HKCU\Software\Zyrax Software]

[HKCU\Software\ej-technologies]

[HKCU\Software\iMacros]

[HKCU\Software\pth264]

[HKCU\Software\tvp]

[HKLM\Software\AGEIA Technologies]

[HKLM\Software\ANI]

[HKLM\Software\Acronis]

[HKLM\Software\Adobe]

[HKLM\Software\Ahead]

[HKLM\Software\Alpha Networks]

[HKLM\Software\AppDataLow]

[HKLM\Software\Apple Computer, Inc.]

[HKLM\Software\Apple Inc.]

[HKLM\Software\Applian]

[HKLM\Software\Avnex]

[HKLM\Software\Beyersdorf]

[HKLM\Software\Blissive Software]

[HKLM\Software\Borland]

[HKLM\Software\CDDB]

[HKLM\Software\Caphyon]

[HKLM\Software\Classes]

[HKLM\Software\Clients]

[HKLM\Software\ComodoGroup]

[HKLM\Software\Conduit]

[HKLM\Software\Converter]

[HKLM\Software\CyberLink]

[HKLM\Software\Cygwin]

[HKLM\Software\DebugMode]

[HKLM\Software\Debug]

[HKLM\Software\FreeDownloadManager.ORG]

[HKLM\Software\FullCircle]

[HKLM\Software\Google]

[HKLM\Software\HighCriteria]

[HKLM\Software\Hotspot_Shield]

[HKLM\Software\InstallShield]

[HKLM\Software\Intel]

[HKLM\Software\InterVideo]

[HKLM\Software\Iron Lore]

[HKLM\Software\JavaSoft]

[HKLM\Software\Jouve]

[HKLM\Software\JreMetrics]

[HKLM\Software\Kaydara]

[HKLM\Software\Khronos]

[HKLM\Software\L&H]

[HKLM\Software\Lake]

[HKLM\Software\LexmarkInkjet]

[HKLM\Software\Lexmark]

[HKLM\Software\Licenses]

[HKLM\Software\Logitech]

[HKLM\Software\MAXSOFT-OCRON]

[HKLM\Software\MC4D]

[HKLM\Software\MMTV]

[HKLM\Software\Macromedia]

[HKLM\Software\Malwarebytes' Anti-Malware]

[HKLM\Software\MeuhMeuhTV]

[HKLM\Software\MimarSinan]

[HKLM\Software\Morpheus Software]

[HKLM\Software\Moyea]

[HKLM\Software\MozillaPlugins]

[HKLM\Software\Mozilla]

[HKLM\Software\NVIDIA Corporation]

[HKLM\Software\Nero]

[HKLM\Software\ODBC]

[HKLM\Software\OpenOffice.org]

[HKLM\Software\PBSWProducts]

[HKLM\Software\Perfect Uninstaller]

[HKLM\Software\Piriform]

[HKLM\Software\Policies]

[HKLM\Software\Propellerhead Software]

[HKLM\Software\Quark]

[HKLM\Software\Realtek]

[HKLM\Software\RegisteredApplications]

[HKLM\Software\Replay Video Capture]

[HKLM\Software\S3R521]

[HKLM\Software\SUPERAntiSpyware.com]

[HKLM\Software\Safer Networking Limited]

[HKLM\Software\ScanSoft]

[HKLM\Software\SenBit]

[HKLM\Software\Skype]

[HKLM\Software\SmartSound Software]

[HKLM\Software\Sonic]

[HKLM\Software\Sony Corporation]

[HKLM\Software\Sony Media Software]

[HKLM\Software\Sun Microsystems]

[HKLM\Software\Swearware]

[HKLM\Software\TechSmith]

[HKLM\Software\Technitium]

[HKLM\Software\TrendMicro]

[HKLM\Software\TuneUp]

[HKLM\Software\Ulead Systems]

[HKLM\Software\Unreal]

[HKLM\Software\VideoLAN]

[HKLM\Software\Wow6432Node]

[HKLM\Software\Yahoo]

[HKLM\Software\ZEON]

[HKLM\Software\cFos]

[HKLM\Software\ej-technologies]

[HKLM\Software\iTinySoft]

[HKLM\Software\mozilla.org]

~ Scan Softwares in 00mn 00s

 

 

 

---\\ Contenu des dossiers Programs/ProgramFiles/ProgramData/AppData (O43)

O43 - CFD: 13/01/2009 - 18:31:48 - [40014656] ----D- C:\Program Files\Acronis

O43 - CFD: 07/12/2007 - 16:54:20 - [12683094] ----D- C:\Program Files\Activation Assistant for the 2007 Microsoft Office suites

O43 - CFD: 10/08/2011 - 14:07:30 - [2599541589] ----D- C:\Program Files\Adobe

O43 - CFD: 01/10/2009 - 15:44:44 - [932461] ----D- C:\Program Files\adslTV

O43 - CFD: 05/07/2009 - 11:43:40 - [13133503] ----D- C:\Program Files\Alcohol Soft

O43 - CFD: 17/07/2011 - 16:02:02 - [2221118] ----D- C:\Program Files\Apple Software Update

O43 - CFD: 28/04/2009 - 13:21:00 - [0] ----D- C:\Program Files\Auslogics

O43 - CFD: 19/02/2009 - 01:43:28 - [0] ----D- C:\Program Files\Babylon

O43 - CFD: 04/08/2011 - 21:34:38 - [23357186] ----D- C:\Program Files\Binload

O43 - CFD: 11/06/2009 - 13:02:46 - [2417595] ----D- C:\Program Files\BrainWave Generator

O43 - CFD: 31/07/2011 - 13:35:30 - [4092512] ----D- C:\Program Files\CCleaner

O43 - CFD: 11/08/2011 - 10:50:08 - [7272866] ----D- C:\Program Files\cFosSpeed

O43 - CFD: 11/08/2011 - 09:25:16 - [1389557951] ----D- C:\Program Files\Common Files

O43 - CFD: 04/04/2010 - 10:18:34 - [513159023] ----D- C:\Program Files\COMODO

O43 - CFD: 02/08/2011 - 21:34:12 - [520728] ----D- C:\Program Files\Conduit

O43 - CFD: 31/07/2011 - 15:14:44 - [513229641] ----D- C:\Program Files\CyberLink

O43 - CFD: 15/04/2011 - 06:52:26 - [0] ----D- C:\Program Files\D-Link

O43 - CFD: 04/07/2011 - 08:00:28 - [9889635] ----D- C:\Program Files\DebugMode

O43 - CFD: 07/02/2010 - 19:29:46 - [694087] ----D- C:\Program Files\DivX Pro VFW

O43 - CFD: 07/02/2010 - 11:53:36 - [39465930] ----D- C:\Program Files\DVR-MS 2 MPEG2

O43 - CFD: 12/07/2011 - 00:53:44 - [34375700] ----D- C:\Program Files\EASEUS

O43 - CFD: 05/07/2011 - 04:19:28 - [3135] ----D- C:\Program Files\EasyPHP-5.3.2i

O43 - CFD: 01/07/2011 - 09:59:12 - [6027969222] ----D- C:\Program Files\Encyclopaedia Universalis 2011

O43 - CFD: 11/09/2008 - 15:33:34 - [0] -SH-D- C:\Program Files\Fichiers communs

O43 - CFD: 01/10/2009 - 13:27:04 - [19056752] ----D- C:\Program Files\Free Download Manager

O43 - CFD: 15/03/2009 - 07:59:10 - [9497761] ----D- C:\Program Files\GameSpy Arcade

O43 - CFD: 28/01/2009 - 09:08:36 - [27815141] ----D- C:\Program Files\Google

O43 - CFD: 12/07/2011 - 22:33:26 - [2898974] ----D- C:\Program Files\HFSExplorer

O43 - CFD: 12/05/2009 - 01:26:06 - [8519146] ----D- C:\Program Files\HighCriteria

O43 - CFD: 04/01/2008 - 18:17:06 - [652221248] ----D- C:\Program Files\HomeCinema

O43 - CFD: 02/08/2011 - 21:34:16 - [7392902] ----D- C:\Program Files\Hotspot Shield

O43 - CFD: 02/08/2011 - 21:34:14 - [2549523] ----D- C:\Program Files\Hotspot_Shield

O43 - CFD: 17/05/2009 - 11:51:24 - [7161150] ----D- C:\Program Files\IDoser v4

O43 - CFD: 31/07/2011 - 15:15:14 - [34948594] --H-D- C:\Program Files\InstallShield Installation Information

O43 - CFD: 23/09/2008 - 18:53:32 - [1824041] ----D- C:\Program Files\Intelore

O43 - CFD: 17/07/2011 - 11:38:26 - [6386003] ----D- C:\Program Files\Internet Explorer

O43 - CFD: 03/07/2011 - 11:10:24 - [2277841] ----D- C:\Program Files\IRAssistant

O43 - CFD: 14/06/2011 - 06:34:16 - [90223182] ----D- C:\Program Files\Java

O43 - CFD: 10/06/2011 - 00:26:24 - [0] ----D- C:\Program Files\JRE

O43 - CFD: 01/07/2011 - 10:41:40 - [24247317] ----D- C:\Program Files\Key Metric Software

O43 - CFD: 23/06/2011 - 16:21:56 - [78969695] ----D- C:\Program Files\Lexmark 1200 Series

O43 - CFD: 11/07/2009 - 07:28:22 - [77598309] ----D- C:\Program Files\LimeWire

O43 - CFD: 28/09/2008 - 15:51:18 - [937576] ----D- C:\Program Files\MagicDisc

O43 - CFD: 28/09/2008 - 18:09:00 - [3137968] ----D- C:\Program Files\MagicISO

O43 - CFD: 17/06/2011 - 21:51:56 - [21232200] ----D- C:\Program Files\MahJong Suite

O43 - CFD: 16/07/2011 - 15:15:34 - [7065135] ----D- C:\Program Files\Malwarebytes' Anti-Malware

O43 - CFD: 30/07/2011 - 14:05:58 - [94696188] ----D- C:\Program Files\MediaCoder

O43 - CFD: 30/09/2008 - 09:44:40 - [19891430] ----D- C:\Program Files\Mediafour

O43 - CFD: 23/01/2010 - 19:14:02 - [8204356] ----D- C:\Program Files\MeuhMeuhTV Alpha

O43 - CFD: 20/07/2009 - 12:28:34 - [2502737873] ----D- C:\Program Files\Microsoft Games

O43 - CFD: 23/03/2010 - 09:04:02 - [405352788] ----D- C:\Program Files\Microsoft Office

O43 - CFD: 27/05/2009 - 02:23:10 - [2694269] ----D- C:\Program Files\Microsoft Reader

O43 - CFD: 18/10/2008 - 04:54:58 - [11794332] ----D- C:\Program Files\Microsoft SDKs

O43 - CFD: 08/05/2011 - 15:27:28 - [39414723] ----D- C:\Program Files\Microsoft Silverlight

O43 - CFD: 18/10/2008 - 05:08:36 - [233117447] ----D- C:\Program Files\Microsoft SQL Server

O43 - CFD: 18/10/2008 - 04:59:20 - [4475556] ----D- C:\Program Files\Microsoft SQL Server Compact Edition

O43 - CFD: 18/10/2008 - 04:59:20 - [616125] ----D- C:\Program Files\Microsoft Synchronization Services

O43 - CFD: 18/10/2008 - 05:00:08 - [813853404] ----D- C:\Program Files\Microsoft Visual Studio 9.0

O43 - CFD: 07/12/2007 - 16:59:42 - [144949414] ----D- C:\Program Files\Microsoft Works

O43 - CFD: 15/04/2011 - 13:15:42 - [9739013] ----D- C:\Program Files\Microsoft.NET

O43 - CFD: 21/09/2008 - 19:57:00 - [136492044] ----D- C:\Program Files\Mindscape

O43 - CFD: 31/05/2009 - 19:00:50 - [12098261] ----D- C:\Program Files\Morpheus Photo Animation Suite

O43 - CFD: 15/04/2011 - 08:09:38 - [99342446] ----D- C:\Program Files\Movie Maker

O43 - CFD: 23/06/2011 - 10:26:52 - [39393903] ----D- C:\Program Files\Mozilla Firefox

O43 - CFD: 09/09/2009 - 19:20:34 - [26612349] ----D- C:\Program Files\Mozilla Thunderbird

O43 - CFD: 02/11/2006 - 14:37:36 - [25757] ----D- C:\Program Files\MSBuild

O43 - CFD: 17/07/2011 - 08:38:28 - [0] ----D- C:\Program Files\MSECACHE

O43 - CFD: 17/12/2007 - 17:47:42 - [0] ----D- C:\Program Files\MSXML 4.0

O43 - CFD: 28/05/2009 - 20:03:00 - [60791135] ----D- C:\Program Files\Natura Sound Therapy

O43 - CFD: 26/07/2009 - 14:35:54 - [503998234] ----D- C:\Program Files\Nero

O43 - CFD: 28/09/2008 - 13:11:48 - [0] ----D- C:\Program Files\NetConceal

O43 - CFD: 10/07/2011 - 19:33:52 - [524761037] ----D- C:\Program Files\Nuance

O43 - CFD: 08/05/2011 - 11:09:50 - [806371196] ----D- C:\Program Files\NVIDIA Corporation

O43 - CFD: 10/06/2011 - 00:30:38 - [423181738] ----D- C:\Program Files\OpenOffice.org 3

O43 - CFD: 03/02/2010 - 21:05:46 - [21080073] ----D- C:\Program Files\Paltalk Messenger

O43 - CFD: 07/07/2009 - 19:45:12 - [13439408] ----D- C:\Program Files\Perfect Uninstaller

O43 - CFD: 26/10/2008 - 18:39:04 - [2467294] ----D- C:\Program Files\PROnetworks

O43 - CFD: 10/06/2009 - 10:36:00 - [1499468173] ----D- C:\Program Files\Propellerhead

O43 - CFD: 18/02/2010 - 18:11:34 - [2390068] ----D- C:\Program Files\ProxyFirewall

O43 - CFD: 30/07/2011 - 19:14:54 - [48071107] ----D- C:\Program Files\QuickMediaConverter

O43 - CFD: 27/07/2011 - 21:28:22 - [941108] ----D- C:\Program Files\QuickPar

O43 - CFD: 17/07/2011 - 16:06:00 - [76322555] ----D- C:\Program Files\QuickTime

O43 - CFD: 07/12/2007 - 15:17:42 - [16359636] ----D- C:\Program Files\Realtek

O43 - CFD: 02/11/2006 - 14:37:36 - [60923158] ----D- C:\Program Files\Reference Assemblies

O43 - CFD: 27/05/2010 - 09:33:40 - [1773056] ----D- C:\Program Files\RegCleaner

O43 - CFD: 11/08/2011 - 07:46:54 - [435556628] ----D- C:\Program Files\RegTweaker

O43 - CFD: 23/07/2011 - 23:27:28 - [25567923] ----D- C:\Program Files\Replay Video Capture

O43 - CFD: 10/05/2009 - 13:59:16 - [2367370] ----D- C:\Program Files\Sandboxie

O43 - CFD: 01/12/2009 - 14:25:10 - [10451377] ----D- C:\Program Files\Smart Projects

O43 - CFD: 30/07/2011 - 23:31:32 - [22354572] ----D- C:\Program Files\SmartSound Software

O43 - CFD: 28/05/2009 - 13:42:56 - [140056594] ----D- C:\Program Files\Sony

O43 - CFD: 29/11/2009 - 17:46:26 - [82517518] ----D- C:\Program Files\Spybot - Search & Destroy

O43 - CFD: 13/06/2011 - 07:46:06 - [5595691] ----D- C:\Program Files\StreamTransport

O43 - CFD: 23/08/2009 - 10:00:38 - [30000440] ----D- C:\Program Files\SubDownloader2

O43 - CFD: 20/01/2011 - 18:40:42 - [17503545] ----D- C:\Program Files\Super macro

O43 - CFD: 21/09/2009 - 08:20:28 - [22828817] ----D- C:\Program Files\SUPERAntiSpyware

O43 - CFD: 09/05/2011 - 12:42:32 - [396401] ----D- C:\Program Files\SystemRequirementsLab

O43 - CFD: 29/09/2009 - 22:39:18 - [2059346] ----D- C:\Program Files\Technitium

O43 - CFD: 05/07/2009 - 15:03:26 - [61878111] ----D- C:\Program Files\TechSmith

O43 - CFD: 13/12/2008 - 18:06:40 - [27495818] ----D- C:\Program Files\Total Video Converter

O43 - CFD: 08/08/2011 - 06:30:22 - [801475] ----D- C:\Program Files\trend micro

O43 - CFD: 13/07/2011 - 21:20:28 - [11055] ----D- C:\Program Files\Trojan Remover

O43 - CFD: 06/08/2009 - 07:58:28 - [42463405] ----D- C:\Program Files\TuneUp Utilities 2009

O43 - CFD: 07/12/2007 - 16:10:18 - [390235965] ----D- C:\Program Files\Ulead Systems

O43 - CFD: 30/06/2009 - 08:53:18 - [53248] ----D- C:\Program Files\UltraISO

O43 - CFD: 02/11/2006 - 15:01:56 - [0] --H-D- C:\Program Files\Uninstall Information

O43 - CFD: 16/09/2008 - 12:07:56 - [270128] ----D- C:\Program Files\uTorrent

O43 - CFD: 14/09/2008 - 13:45:36 - [91167406] ----D- C:\Program Files\VideoLAN

O43 - CFD: 28/05/2009 - 13:41:34 - [247] ----D- C:\Program Files\Vstplugins

O43 - CFD: 05/05/2009 - 05:27:24 - [858084] ----D- C:\Program Files\Western Digital Technologies

O43 - CFD: 27/05/2009 - 20:27:28 - [1016832] ----D- C:\Program Files\Windows Calendar

O43 - CFD: 27/05/2009 - 20:27:22 - [2737152] ----D- C:\Program Files\Windows Collaboration

O43 - CFD: 27/05/2009 - 20:27:06 - [4490624] ----D- C:\Program Files\Windows Defender

O43 - CFD: 17/07/2011 - 08:35:04 - [142742] ----D- C:\Program Files\Windows Installer Clean Up

O43 - CFD: 27/05/2009 - 20:27:22 - [7084664] ----D- C:\Program Files\Windows Journal

O43 - CFD: 15/06/2011 - 08:35:16 - [9116344] ----D- C:\Program Files\Windows Mail

O43 - CFD: 15/04/2011 - 08:09:46 - [4498121] ----D- C:\Program Files\Windows Media Player

O43 - CFD: 11/09/2008 - 15:33:34 - [7957544] ----D- C:\Program Files\Windows NT

O43 - CFD: 27/05/2009 - 20:27:16 - [13528738] ----D- C:\Program Files\Windows Photo Gallery

O43 - CFD: 27/05/2009 - 20:27:22 - [6527558] ----D- C:\Program Files\Windows Sidebar

O43 - CFD: 01/08/2011 - 11:28:30 - [3656864] ----D- C:\Program Files\WinRar

O43 - CFD: 22/01/2009 - 16:15:36 - [73026611] ----D- C:\Program Files\WorldOfGoo

O43 - CFD: 07/12/2007 - 15:32:14 - [18211] ----D- C:\Program Files\X10 Hardware

O43 - CFD: 09/07/2011 - 20:02:34 - [11894039] ----D- C:\Program Files\XP Repair Pro 4.0

O43 - CFD: 01/05/2010 - 18:11:48 - [770235] ----D- C:\Program Files\Xvid

O43 - CFD: 02/05/2009 - 12:07:36 - [25269443] ----D- C:\Program Files\Yahoo!

O43 - CFD: 11/08/2011 - 06:47:12 - [105755527] ----D- C:\Program Files\ZebHelpProcess

O43 - CFD: 01/07/2011 - 10:54:26 - [2562] --H-D- C:\Program Files\Zero G Registry

O43 - CFD: 11/08/2011 - 10:54:56 - [3999742] ----D- C:\Program Files\ZHPDiag

O43 - CFD: 13/01/2009 - 18:31:54 - [110232435] ----D- C:\Program Files\Common Files\Acronis

O43 - CFD: 18/07/2011 - 13:43:44 - [384772482] ----D- C:\Program Files\Common Files\Adobe

O43 - CFD: 17/07/2011 - 16:02:26 - [54774793] ----D- C:\Program Files\Common Files\Apple

O43 - CFD: 08/08/2011 - 18:30:48 - [7675827] ----D- C:\Program Files\Common Files\Borland Shared

O43 - CFD: 07/12/2007 - 16:38:50 - [92976] ----D- C:\Program Files\Common Files\DESIGNER

O43 - CFD: 16/04/2009 - 16:17:40 - [17572458] ----D- C:\Program Files\Common Files\InstallShield

O43 - CFD: 12/06/2011 - 08:44:14 - [1258951] ----D- C:\Program Files\Common Files\Java

O43 - CFD: 27/05/2009 - 02:24:10 - [2393173] ----D- C:\Program Files\Common Files\L&H

O43 - CFD: 23/07/2011 - 09:10:08 - [751228] ----D- C:\Program Files\Common Files\Logitech

O43 - CFD: 27/05/2009 - 02:24:10 - [514438994] ----D- C:\Program Files\Common Files\microsoft shared

O43 - CFD: 26/07/2009 - 14:39:20 - [196915582] ----D- C:\Program Files\Common Files\Nero

O43 - CFD: 28/05/2009 - 10:36:28 - [0] ----D- C:\Program Files\Common Files\Screaming Bee

O43 - CFD: 02/11/2006 - 13:18:34 - [2702] ----D- C:\Program Files\Common Files\Services

O43 - CFD: 12/06/2011 - 09:16:16 - [2254216] ----D- C:\Program Files\Common Files\Skype

O43 - CFD: 02/11/2006 - 13:18:34 - [41101735] ----D- C:\Program Files\Common Files\SpeechEngines

O43 - CFD: 27/05/2009 - 20:27:16 - [43753230] ----D- C:\Program Files\Common Files\System

O43 - CFD: 07/12/2007 - 16:10:18 - [3070792] ----D- C:\Program Files\Common Files\Ulead Systems

O43 - CFD: 30/01/2009 - 13:56:04 - [5681152] ----D- C:\Program Files\Common Files\Wise Installation Wizard

O43 - CFD: 07/12/2007 - 15:31:50 - [2749689] ----D- C:\Program Files\Common Files\X10

O43 - CFD: 26/10/2008 - 03:34:02 - [6608] ----D- C:\ProgramData\2DBoy

O43 - CFD: 13/01/2009 - 18:37:48 - [36553] ----D- C:\ProgramData\Acronis

O43 - CFD: 18/07/2011 - 07:17:42 - [536174327] ----D- C:\ProgramData\Adobe

O43 - CFD: 17/07/2011 - 16:02:02 - [20614656] ----D- C:\ProgramData\Apple

O43 - CFD: 17/07/2011 - 16:05:52 - [26906557] ----D- C:\ProgramData\Apple Computer

O43 - CFD: 02/11/2006 - 15:02:04 - [0] -SH-D- C:\ProgramData\Application Data

O43 - CFD: 11/09/2008 - 15:33:32 - [0] -SH-D- C:\ProgramData\Bureau

O43 - CFD: 21/05/2011 - 17:48:26 - [20771855] ----D- C:\ProgramData\COMODO

O43 - CFD: 04/04/2010 - 10:23:16 - [0] ----D- C:\ProgramData\Comodo Downloader

O43 - CFD: 31/07/2011 - 07:03:20 - [55391] ----D- C:\ProgramData\CyberLink

O43 - CFD: 02/11/2006 - 15:02:04 - [0] -SH-D- C:\ProgramData\Desktop

O43 - CFD: 02/11/2006 - 15:02:04 - [0] -SH-D- C:\ProgramData\Documents

O43 - CFD: 30/07/2011 - 23:31:32 - [360580] ----D- C:\ProgramData\eSellerate

O43 - CFD: 11/09/2008 - 15:33:32 - [0] -SH-D- C:\ProgramData\Favoris

O43 - CFD: 02/11/2006 - 15:02:04 - [0] -SH-D- C:\ProgramData\Favorites

O43 - CFD: 10/07/2011 - 19:31:48 - [3552836] ----D- C:\ProgramData\FLEXnet

O43 - CFD: 01/10/2009 - 13:26:56 - [2796] ----D- C:\ProgramData\FreeDownloadManager.ORG

O43 - CFD: 16/09/2008 - 11:20:28 - [14402] ----D- C:\ProgramData\Google

O43 - CFD: 25/03/2009 - 21:00:22 - [14476] ----D- C:\ProgramData\Google Updater

O43 - CFD: 02/08/2011 - 21:43:12 - [0] ----D- C:\ProgramData\hssff

O43 - CFD: 07/12/2007 - 16:11:52 - [148] ----D- C:\ProgramData\InstallShield

O43 - CFD: 01/07/2011 - 10:59:48 - [124] ----D- C:\ProgramData\Key Metric Software

O43 - CFD: 10/07/2011 - 19:33:52 - [3552851] ----D- C:\ProgramData\Macrovision

O43 - CFD: 27/07/2009 - 08:26:02 - [16667929] ----D- C:\ProgramData\Malwarebytes

O43 - CFD: 30/09/2008 - 09:45:44 - [3120] ----D- C:\ProgramData\Mediafour

O43 - CFD: 11/09/2008 - 15:33:32 - [0] -SH-D- C:\ProgramData\Menu Démarrer

O43 - CFD: 17/03/2009 - 14:17:48 - [11499] ----D- C:\ProgramData\Micro Application

O43 - CFD: 08/05/2011 - 11:39:32 - [520541668] -S--D- C:\ProgramData\Microsoft

O43 - CFD: 15/12/2009 - 17:14:24 - [64118606] ----D- C:\ProgramData\Microsoft Help

O43 - CFD: 11/09/2008 - 15:33:34 - [0] -SH-D- C:\ProgramData\Modèles

O43 - CFD: 26/07/2009 - 14:27:44 - [10019027] ----D- C:\ProgramData\Nero

O43 - CFD: 27/05/2010 - 10:12:24 - [64869] ----D- C:\ProgramData\Neuro-Programmer 2 Files

O43 - CFD: 10/07/2011 - 19:34:52 - [106] ----D- C:\ProgramData\Nuance

O43 - CFD: 11/08/2011 - 09:51:06 - [2410494] ----D- C:\ProgramData\NVIDIA

O43 - CFD: 08/05/2011 - 09:56:04 - [608137] ----D- C:\ProgramData\NVIDIA Corporation

O43 - CFD: 10/06/2009 - 10:36:32 - [3401039] ----D- C:\ProgramData\Propellerhead Software

O43 - CFD: 17/07/2011 - 11:44:38 - [14598520] ----D- C:\ProgramData\Quark

O43 - CFD: 18/07/2011 - 14:16:48 - [3420] ----D- C:\ProgramData\regid.1986-12.com.adobe

O43 - CFD: 10/07/2011 - 19:33:06 - [157501] ----D- C:\ProgramData\ScanSoft

O43 - CFD: 28/05/2009 - 10:35:36 - [142] ----D- C:\ProgramData\Screaming Bee

O43 - CFD: 12/06/2011 - 09:16:12 - [20366348] ----D- C:\ProgramData\Skype

O43 - CFD: 12/06/2011 - 12:51:46 - [2818489] ----D- C:\ProgramData\Skype Extras

O43 - CFD: 01/08/2011 - 00:06:36 - [57286093] ----D- C:\ProgramData\SmartSound Software Inc

O43 - CFD: 08/08/2011 - 17:59:46 - [7437831] ----D- C:\ProgramData\Spybot - Search & Destroy

O43 - CFD: 02/11/2006 - 15:02:04 - [0] -SH-D- C:\ProgramData\Start Menu

O43 - CFD: 08/04/2010 - 09:55:14 - [189] ----D- C:\ProgramData\Sun

O43 - CFD: 08/01/2009 - 09:03:14 - [692] ----D- C:\ProgramData\Sunbelt

O43 - CFD: 30/01/2009 - 13:56:58 - [0] ----D- C:\ProgramData\SUPERAntiSpyware.com

O43 - CFD: 05/07/2009 - 15:03:32 - [75993116] ----D- C:\ProgramData\TechSmith

O43 - CFD: 04/08/2011 - 20:06:28 - [438136] ---AD- C:\ProgramData\TEMP

O43 - CFD: 02/11/2006 - 15:02:06 - [0] -SH-D- C:\ProgramData\Templates

O43 - CFD: 22/01/2009 - 07:57:12 - [6322] ----D- C:\ProgramData\TreeCardGames

O43 - CFD: 29/04/2009 - 04:38:30 - [1645281] ----D- C:\ProgramData\TuneUp Software

O43 - CFD: 07/12/2007 - 16:10:32 - [93242] ----D- C:\ProgramData\Ulead Systems

O43 - CFD: 01/07/2011 - 10:02:26 - [6960] ----D- C:\ProgramData\UniversalisV16

O43 - CFD: 17/12/2007 - 18:22:46 - [2492] ----D- C:\ProgramData\Windows Genuine Advantage

O43 - CFD: 30/05/2009 - 08:26:04 - [0] ----D- C:\ProgramData\WindowsSearch

O43 - CFD: 03/07/2011 - 00:45:06 - [411625] ----D- C:\ProgramData\X10 Settings

O43 - CFD: 02/05/2009 - 12:31:00 - [609043] ----D- C:\ProgramData\Yahoo!

O43 - CFD: 10/07/2011 - 19:34:22 - [52073] ----D- C:\ProgramData\zeon

O43 - CFD: 20/02/2009 - 18:24:24 - [0] ----D- C:\ProgramData\_comodo_

O43 - CFD: 07/12/2007 - 16:54:24 - [6904816] ----D- C:\ProgramData\{174892B1-CBE7-44F5-86FF-AB555EFD73A3}

O43 - CFD: 29/04/2009 - 04:36:20 - [16657408] -SH-D- C:\ProgramData\{55A29068-F2CE-456C-9148-C869879E2357}

O43 - CFD: 16/01/2009 - 22:31:14 - [0] ----D- C:\Users\Patouche\AppData\Roaming\Acronis

O43 - CFD: 29/07/2011 - 09:22:12 - [21183407] ----D- C:\Users\Patouche\AppData\Roaming\Adobe

O43 - CFD: 17/07/2011 - 15:01:24 - [355] ----D- C:\Users\Patouche\AppData\Roaming\Adobe Mini Bridge CS5.1

O43 - CFD: 17/07/2011 - 11:54:56 - [0] ----D- C:\Users\Patouche\AppData\Roaming\Apple Computer

O43 - CFD: 24/06/2011 - 20:07:24 - [21644] ----D- C:\Users\Patouche\AppData\Roaming\Broad Intelligence

O43 - CFD: 17/07/2011 - 15:24:42 - [28938] ----D- C:\Users\Patouche\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1

O43 - CFD: 17/07/2011 - 15:23:28 - [0] ----D- C:\Users\Patouche\AppData\Roaming\com.adobe.DC3Module.AdobeADC

O43 - CFD: 31/07/2011 - 18:52:32 - [21398157] ----D- C:\Users\Patouche\AppData\Roaming\CyberLink

O43 - CFD: 06/04/2011 - 08:00:34 - [199] ----D- C:\Users\Patouche\AppData\Roaming\dvdcss

O43 - CFD: 10/07/2011 - 19:37:12 - [139] ----D- C:\Users\Patouche\AppData\Roaming\FLEXnet

O43 - CFD: 06/01/2010 - 16:08:24 - [0] ----D- C:\Users\Patouche\AppData\Roaming\FMZilla

O43 - CFD: 10/08/2011 - 09:04:02 - [1071] ----D- C:\Users\Patouche\AppData\Roaming\Free Download Manager

O43 - CFD: 28/01/2009 - 09:21:44 - [33225] ----D- C:\Users\Patouche\AppData\Roaming\Google

O43 - CFD: 10/06/2009 - 08:40:30 - [0] ----D- C:\Users\Patouche\AppData\Roaming\Help

O43 - CFD: 22/07/2011 - 10:12:46 - [0] ----D- C:\Users\Patouche\AppData\Roaming\Hensense.com

O43 - CFD: 11/09/2008 - 15:59:48 - [0] ----D- C:\Users\Patouche\AppData\Roaming\Identities

O43 - CFD: 01/07/2011 - 10:40:46 - [916719] ----D- C:\Users\Patouche\AppData\Roaming\Key Metric Software

O43 - CFD: 13/09/2008 - 23:31:48 - [928128] ----D- C:\Users\Patouche\AppData\Roaming\Lavasoft

O43 - CFD: 03/07/2011 - 21:53:14 - [24490118] ----D- C:\Users\Patouche\AppData\Roaming\LimeWire

O43 - CFD: 13/09/2008 - 10:54:54 - [3123823] ----D- C:\Users\Patouche\AppData\Roaming\Macromedia

O43 - CFD: 18/04/2010 - 17:05:36 - [121928] ----D- C:\Users\Patouche\AppData\Roaming\MahJong Suite

O43 - CFD: 27/07/2009 - 08:26:16 - [0] ----D- C:\Users\Patouche\AppData\Roaming\Malwarebytes

O43 - CFD: 02/11/2006 - 14:37:36 - [0] ----D- C:\Users\Patouche\AppData\Roaming\Media Center Programs

O43 - CFD: 20/07/2009 - 14:44:22 - [0] ----D- C:\Users\Patouche\AppData\Roaming\Media Player Classic

O43 - CFD: 22/01/2010 - 20:08:20 - [16393] ----D- C:\Users\Patouche\AppData\Roaming\MeuhMeuhTV

O43 - CFD: 18/06/2011 - 08:14:46 - [8537998] -S--D- C:\Users\Patouche\AppData\Roaming\Microsoft

O43 - CFD: 31/05/2009 - 19:01:04 - [0] ----D- C:\Users\Patouche\AppData\Roaming\Morpheus Software

O43 - CFD: 19/07/2011 - 23:15:40 - [35867014] ----D- C:\Users\Patouche\AppData\Roaming\Mozilla

O43 - CFD: 04/08/2009 - 17:17:34 - [1070907] ----D- C:\Users\Patouche\AppData\Roaming\Nero

O43 - CFD: 10/07/2011 - 19:33:18 - [0] ----D- C:\Users\Patouche\AppData\Roaming\Nuance

O43 - CFD: 13/10/2008 - 22:02:56 - [37783079] ----D- C:\Users\Patouche\AppData\Roaming\OpenOffice.org

O43 - CFD: 04/01/2010 - 12:45:32 - [51403] ----D- C:\Users\Patouche\AppData\Roaming\Paltalk

O43 - CFD: 08/11/2009 - 01:54:28 - [0] ----D- C:\Users\Patouche\AppData\Roaming\PeerNetworking

O43 - CFD: 10/06/2009 - 10:38:34 - [14912] ----D- C:\Users\Patouche\AppData\Roaming\Propellerhead Software

O43 - CFD: 28/05/2009 - 14:10:28 - [0] ----D- C:\Users\Patouche\AppData\Roaming\Publish Providers

O43 - CFD: 17/07/2011 - 11:48:44 - [41208] ----D- C:\Users\Patouche\AppData\Roaming\Quark

O43 - CFD: 30/09/2008 - 02:27:30 - [0] ----D- C:\Users\Patouche\AppData\Roaming\RayV

O43 - CFD: 10/07/2011 - 22:39:12 - [1415789] ----D- C:\Users\Patouche\AppData\Roaming\ScanSoft

O43 - CFD: 28/05/2009 - 12:06:20 - [22958] ----D- C:\Users\Patouche\AppData\Roaming\Screaming Bee

O43 - CFD: 12/06/2011 - 13:31:02 - [2110241] ----D- C:\Users\Patouche\AppData\Roaming\Skype

O43 - CFD: 12/06/2011 - 09:16:34 - [87728] ----D- C:\Users\Patouche\AppData\Roaming\skypePM

O43 - CFD: 28/05/2009 - 13:43:52 - [0] ----D- C:\Users\Patouche\AppData\Roaming\Sony

O43 - CFD: 17/07/2011 - 15:01:24 - [0] ----D- C:\Users\Patouche\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1

O43 - CFD: 30/01/2009 - 13:56:44 - [37771821] ----D- C:\Users\Patouche\AppData\Roaming\SUPERAntiSpyware.com

O43 - CFD: 09/05/2011 - 12:43:10 - [1163264] ----D- C:\Users\Patouche\AppData\Roaming\SystemRequirementsLab

O43 - CFD: 12/09/2008 - 10:27:26 - [22588] ----D- C:\Users\Patouche\AppData\Roaming\Talkback

O43 - CFD: 01/10/2008 - 13:13:36 - [13824] ----D- C:\Users\Patouche\AppData\Roaming\Template

O43 - CFD: 12/09/2008 - 10:27:06 - [393040712] ----D- C:\Users\Patouche\AppData\Roaming\Thunderbird

O43 - CFD: 12/05/2009 - 01:13:10 - [34748] ----D- C:\Users\Patouche\AppData\Roaming\TotalRecorder

O43 - CFD: 29/04/2009 - 04:38:48 - [49808] ----D- C:\Users\Patouche\AppData\Roaming\TuneUp Software

O43 - CFD: 25/01/2009 - 23:49:28 - [14703405] ----D- C:\Users\Patouche\AppData\Roaming\Ulead Systems

O43 - CFD: 03/08/2011 - 12:54:48 - [35194324] ----D- C:\Users\Patouche\AppData\Roaming\uTorrent

O43 - CFD: 19/12/2009 - 23:28:16 - [340801] ----D- C:\Users\Patouche\AppData\Roaming\VitySoft

O43 - CFD: 29/07/2011 - 19:36:48 - [80761] ----D- C:\Users\Patouche\AppData\Roaming\vlc

O43 - CFD: 14/09/2008 - 13:29:46 - [0] ----D- C:\Users\Patouche\AppData\Roaming\WinRAR

O43 - CFD: 25/01/2009 - 06:55:54 - [13904] ----D- C:\Users\Patouche\AppData\Roaming\WNR

O43 - CFD: 10/07/2011 - 19:37:02 - [54962] ----D- C:\Users\Patouche\AppData\Roaming\Zeon

O43 - CFD: 19/07/2011 - 08:14:20 - [35610453] ----D- C:\Users\Patouche\AppData\Local\Adobe

O43 - CFD: 12/09/2008 - 19:28:32 - [190265] ----D- C:\Users\Patouche\AppData\Local\Ahead

O43 - CFD: 17/07/2011 - 16:02:06 - [0] ----D- C:\Users\Patouche\AppData\Local\Apple

O43 - CFD: 17/07/2011 - 15:30:06 - [0] ----D- C:\Users\Patouche\AppData\Local\Apple Computer

O43 - CFD: 11/09/2008 - 15:59:40 - [0] -SH-D- C:\Users\Patouche\AppData\Local\Application Data

O43 - CFD: 16/02/2010 - 07:28:16 - [0] ----D- C:\Users\Patouche\AppData\Local\Apps

O43 - CFD: 23/01/2009 - 13:26:42 - [12697] ----D- C:\Users\Patouche\AppData\Local\COMODO

O43 - CFD: 28/01/2009 - 09:21:44 - [30687] ----D- C:\Users\Patouche\AppData\Local\Google

O43 - CFD: 10/12/2010 - 07:35:34 - [133356] ----D- C:\Users\Patouche\AppData\Local\Help

O43 - CFD: 11/09/2008 - 15:59:40 - [0] -SH-D- C:\Users\Patouche\AppData\Local\Historique

O43 - CFD: 05/10/2008 - 00:53:40 - [8139] ----D- C:\Users\Patouche\AppData\Local\MakeDisc

O43 - CFD: 18/06/2011 - 08:14:46 - [199411751] ----D- C:\Users\Patouche\AppData\Local\Microsoft

O43 - CFD: 27/02/2009 - 19:41:22 - [1099882] ----D- C:\Users\Patouche\AppData\Local\Microsoft Games

O43 - CFD: 18/10/2008 - 05:37:30 - [120944] ----D- C:\Users\Patouche\AppData\Local\Microsoft Help

O43 - CFD: 06/01/2009 - 13:41:50 - [263191] ----D- C:\Users\Patouche\AppData\Local\MigWiz

O43 - CFD: 11/09/2008 - 18:08:04 - [43275352] ----D- C:\Users\Patouche\AppData\Local\Mozilla

O43 - CFD: 09/10/2008 - 02:22:06 - [68340] ----D- C:\Users\Patouche\AppData\Local\Nero

O43 - CFD: 05/10/2008 - 00:53:28 - [0] ----D- C:\Users\Patouche\AppData\Local\PowerCinema

O43 - CFD: 17/07/2011 - 11:51:50 - [860359] ----D- C:\Users\Patouche\AppData\Local\Quark

O43 - CFD: 04/08/2011 - 07:31:26 - [750583] ----D- C:\Users\Patouche\AppData\Local\QuickPar

O43 - CFD: 28/05/2009 - 13:43:52 - [37220] ----D- C:\Users\Patouche\AppData\Local\Sony

O43 - CFD: 05/07/2009 - 15:03:26 - [5138216] ----D- C:\Users\Patouche\AppData\Local\TechSmith

O43 - CFD: 11/08/2011 - 10:53:12 - [40960] ----D- C:\Users\Patouche\AppData\Local\temp

O43 - CFD: 11/09/2008 - 15:59:40 - [0] -SH-D- C:\Users\Patouche\AppData\Local\Temporary Internet Files

O43 - CFD: 12/09/2008 - 10:27:18 - [3771268] ----D- C:\Users\Patouche\AppData\Local\Thunderbird

O43 - CFD: 12/09/2008 - 19:31:02 - [91305987] ----D- C:\Users\Patouche\AppData\Local\VirtualStore

O43 - CFD: 27/04/2010 - 20:34:48 - [11647155] ----D- C:\Users\Patouche\AppData\Local\Xenocode

O43 - CFD: 02/05/2009 - 12:31:00 - [128032] ----D- C:\Users\Patouche\AppData\Local\Yahoo

O43 - CFD: 09/07/2011 - 20:01:38 - [5998080] ----D- C:\Users\Patouche\AppData\Local\{42FFD6CD-1797-4302-8C84-959BECBCDA13}

O43 - CFD: 17/07/2011 - 11:44:38 - [755033914] ----D- C:\Program Files (x86)\Quark

~ Scan Program Folder in 00mn 43s

 

 

 

---\\ Derniers fichiers modifiés ou crées sous Windows et System32 (O44)

O44 - LFC:[MD5.5FDEDB92A83621A5B593B0FFF0522D92] - 11/08/2011 - 09:39:36 ---A- . (...) -- C:\PDOXUSRS.NET [13030]

O44 - LFC:[MD5.E8B2C85E0E26DCA5D644B671F4D21634] - 11/08/2011 - 09:25:15 ---A- . (...) -- C:\PhysicalDisk0_MBR.bin [512]

O44 - LFC:[MD5.CED80FB9F77B6FE28858BEA9347E689A] - 11/08/2011 - 08:50:51 -S-A- . (...) -- C:\Windows\bootstat.dat [67584]

O44 - LFC:[MD5.76424DA08A5B6AD8E08A5D9BAD8B5291] - 11/08/2011 - 08:31:26 ---A- . (...) -- C:\ComboFix.txt [21263]

O44 - LFC:[MD5.3CF3D4A45CC2AF973DBC30EC8D33252B] - 11/08/2011 - 08:28:35 ---A- . (...) -- C:\Windows\system.ini [215]

O44 - LFC:[MD5.10A4CBFA036A7BFCD603FD774B50A69D] - 11/08/2011 - 07:42:27 ---A- . (...) -- C:\lxcz.log [1137088]

O44 - LFC:[MD5.9D05BB1B285D289A3453FA5C8F7340DC] - 11/08/2011 - 04:44:20 ---A- . (...) -- C:\Windows\system32\PerfStringBackup.INI [1627304]

O44 - LFC:[MD5.89884003BC4879291A972EFA69E1CD30] - 11/08/2011 - 04:44:20 ---A- . (...) -- C:\Windows\system32\perfc009.dat [119570]

O44 - LFC:[MD5.66F0A617AFB68B1BDC082CB27B17B940] - 11/08/2011 - 04:44:20 ---A- . (...) -- C:\Windows\system32\perfc00C.dat [147302]

O44 - LFC:[MD5.2A3D1614965594AFE2D204981E3AF83B] - 11/08/2011 - 04:44:20 ---A- . (...) -- C:\Windows\system32\perfh009.dat [638364]

O44 - LFC:[MD5.D475EF68B9404CD92E26991789757C2B] - 11/08/2011 - 04:44:20 ---A- . (...) -- C:\Windows\system32\perfh00C.dat [728918]

O44 - LFC:[MD5.C8E7DBBC71D034CB62EA877E28FEB8BC] - 08/08/2011 - 20:47:54 ---A- . (...) -- C:\ZHPRegY2.zhp [1668]

O44 - LFC:[MD5.D4C4C0D78AB3F120855BD292FC309DC5] - 08/08/2011 - 20:47:50 ---A- . (...) -- C:\ZHPRegY1.zhp [1668]

O44 - LFC:[MD5.29485D501812B9CB0BD0DD414EAFE3F0] - 08/08/2011 - 20:47:46 ---A- . (...) -- C:\ZHPRegY0.zhp [1668]

O44 - LFC:[MD5.753BC16326FEE4A421ACB636CCD602F4] - 08/08/2011 - 06:34:36 ---A- . (.NirSoft - NirCmd.) -- C:\Windows\NIRCMD.exe [60416]

O44 - LFC:[MD5.A46842C9B0C567A5A9584E83A163560C] - 08/08/2011 - 06:34:35 ---A- . (.SteelWerX - Freeware implementation of REG.EXE.) -- C:\Windows\SWREG.exe [518144]

O44 - LFC:[MD5.0297C72529807322B152F517FDB0A9FC] - 08/08/2011 - 06:34:35 ---A- . (.SteelWerX - Freeware implementation of SC.EXE.) -- C:\Windows\SWSC.exe [406528]

O44 - LFC:[MD5.254FB16160D9FA5385F4B5CF47B9C7DF] - 08/08/2011 - 06:29:57 R---- . (.Swearware - ComboFix NSIS Installer.) -- C:\ComboFix.exe [4165965]

O44 - LFC:[MD5.CAC8625BD5BF14440B52FA9F1184BDF5] - 03/08/2011 - 10:23:21 ---A- . (...) -- C:\Windows\Sandboxie.ini [5528]

O44 - LFC:[MD5.FFC3D6AE9084F75EC0600305F06B1CFB] - 01/08/2011 - 07:35:55 ---A- . (...) -- C:\Windows\system32\FNTCACHE.DAT [3751616]

O44 - LFC:[MD5.F80B2B68002ADB19673B086DA1EEDD4F] - 17/07/2011 - 10:38:04 ---A- . (...) -- C:\Windows\QTFont.for [1409]

O44 - LFC:[MD5.DBA91CD5A3A68302967C03213E52BDE8] - 17/07/2011 - 10:38:04 --HA- . (...) -- C:\Windows\QTFont.qfn [54156]

O44 - LFC:[MD5.F042EE4C8D66248D9B86DCF52ABAE416] - 26/06/2011 - 07:45:56 ---A- . (...) -- C:\Windows\PEV.exe [256000]

O44 - LFC:[MD5.0277C027A26428DB64EF4F64F52BB4FD] - 07/11/2010 - 18:20:24 ---A- . (...) -- C:\Windows\MBR.exe [208896]

O44 - LFC:[MD5.8C25E347F5E2C2BCA9B5258A68B72AE7] - 20/01/1999 - 04:01:00 ---A- . (...) -- C:\Windows\system32\DBCLIENT.DLL [210032]

O44 - LFC:[MD5.4BC02BD73338C3A26265F5C64DBEC770] - 12/11/1999 - 04:11:00 ---A- . (...) -- C:\Windows\system32\BDEADMIN.CPL [183808]

O44 - LFC:[MD5.9E05A9C264C8A908A8E79450FCBFF047] - 31/08/2000 - 01:00:00 ---A- . (...) -- C:\Windows\grep.exe [80412]

O44 - LFC:[MD5.2B657A67AEBB84AEA5632C53E61E23BF] - 31/08/2000 - 01:00:00 ---A- . (...) -- C:\Windows\sed.exe [98816]

O44 - LFC:[MD5.5E832F4FAF5F481F2EAF3B3A48F603B8] - 31/08/2000 - 01:00:00 ---A- . (...) -- C:\Windows\zip.exe [68096]

~ Scan Files in 00mn 06s

 

 

 

---\\ Contrôle du Safe Boot (CSB) (O49)

O49 - CSB:Control Safe Boot HKLM\...\CCS\Minimal\sermouse.sys . (.Microsoft Corporation - Pilote de filtre souris série.) -- C:\Windows\system32\Drivers\sermouse.sys

O49 - CSB:Control Safe Boot HKLM\...\CCS\Minimal\vga.sys . (.Microsoft Corporation - VGA/Super VGA Video Driver.) -- C:\Windows\system32\Drivers\vga.sys

O49 - CSB:Control Safe Boot HKLM\...\CCS\Minimal\vgasave.sys . (...) -- C:\Windows\system32\Drivers\vgasave.sys (.not file.)

O49 - CSB:Control Safe Boot HKLM\...\CCS\Minimal\volmgr.sys . (.Microsoft Corporation - Volume Manager Driver.) -- C:\Windows\system32\Drivers\volmgr.sys

O49 - CSB:Control Safe Boot HKLM\...\CCS\Minimal\volmgrx.sys . (.Microsoft Corporation - Volume Manager Extension Driver.) -- C:\Windows\system32\Drivers\volmgrx.sys

O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\ipnat.sys . (.Microsoft Corporation - IP Network Address Translator.) -- C:\Windows\system32\Drivers\ipnat.sys

O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\nsiproxy.sys . (.Microsoft Corporation - NSI Proxy.) -- C:\Windows\system32\Drivers\nsiproxy.sys

O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\rdpencdd.sys . (.Microsoft Corporation - RDP Miniport.) -- C:\Windows\system32\Drivers\rdpencdd.sys

O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\sermouse.sys . (.Microsoft Corporation - Pilote de filtre souris série.) -- C:\Windows\system32\Drivers\sermouse.sys

O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\vga.sys . (.Microsoft Corporation - VGA/Super VGA Video Driver.) -- C:\Windows\system32\Drivers\vga.sys

O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\vgasave.sys . (...) -- C:\Windows\system32\Drivers\vgasave.sys (.not file.)

O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\volmgr.sys . (.Microsoft Corporation - Volume Manager Driver.) -- C:\Windows\system32\Drivers\volmgr.sys

O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\volmgrx.sys . (.Microsoft Corporation - Volume Manager Extension Driver.) -- C:\Windows\system32\Drivers\volmgrx.sys

~ Scan CSB in 00mn 00s

 

 

 

---\\ Trojan Driver Search Data (HKLM) (O52)

O52 - TDSD: \Drivers32\"VIDC.I420"="lvcodec2.dll" . (.Labtec Inc. - Video Codec.) -- C:\Windows\system32\lvcodec2.dll

O52 - TDSD: \Drivers32\"msacm.l3acm"="C:\Windows\System32\l3codeca.acm" . (.Fraunhofer Institut Integrierte Schaltungen - MPEG Layer-3 Audio Codec for MSACM.) -- C:\Windows\System32\l3codeca.acm

O52 - TDSD: \Drivers32\"vidc.cvid"="iccvid.dll" . (.Radius Inc. - Codec Cinepak®.) -- C:\Windows\system32\iccvid.dll

O52 - TDSD: \Drivers32\"wave"="DrvTrNTm.dll" . (.High Criteria inc. - Wave sound driver for the Total Recorder (Professional Edition).) -- C:\Windows\system32\DrvTrNTm.dll

O52 - TDSD: \Drivers32\"mixer"="DrvTrNTm.dll" . (.High Criteria inc. - Wave sound driver for the Total Recorder (Professional Edition).) -- C:\Windows\system32\DrvTrNTm.dll

O52 - TDSD: \Drivers32\"vidc.XVID"="xvidvfw.dll" . (...) -- C:\Windows\system32\xvidvfw.dll

O52 - TDSD: \Drivers32\"VIDC.DIVX"="divx.dll" . (.DivX, Inc. - DivX.) -- C:\Windows\system32\divx.dll

O52 - TDSD: \Drivers32\"msacm.l3codecp"="l3codecp.acm" . (.Fraunhofer Institut Integrierte Schaltungen - MPEG Audio Layer-3 Codec for MSACM.) -- C:\Windows\system32\l3codecp.acm

O52 - TDSD: \drivers.desc\"C:\Windows\System32\l3codeca.acm"="Fraunhofer IIS MPEG Layer-3 Codec" . (.Fraunhofer Institut Integrierte Schaltungen - MPEG Layer-3 Audio Codec for MSACM.) -- C:\Windows\System32\l3codeca.acm

O52 - TDSD: \drivers.desc\"DrvTrNTm.dll"="Wave sound driver for the TotalRecorder" . (.High Criteria inc. - Wave sound driver for the Total Recorder (Professional Edition).) -- C:\Windows\system32\DrvTrNTm.dll

O52 - TDSD: \drivers.desc\"xvidvfw.dll"="Xvid MPEG-4 Video Codec" . (...) -- C:\Windows\system32\xvidvfw.dll

O52 - TDSD: \drivers.desc\"divx.dll"="DivX Pro 6.8.0" . (...) -- (.not file.)

~ Scan Keys in 00mn 00s

 

 

 

---\\ ShareTools MSconfig StartupReg (O53)

O53 - SMSR:HKLM\...\startupreg\Acrobat Assistant 8.0 [Key] . (.Adobe Systems Inc. - AcroTray.) -- C:\Program Files\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe

O53 - SMSR:HKLM\...\startupreg\Adobe Acrobat Speed Launcher [Key] . (.Adobe Systems Incorporated - Adobe Acrobat SpeedLauncher.) -- C:\Program Files\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe

O53 - SMSR:HKLM\...\startupreg\Adobe ARM [Key] . (.Adobe Systems Incorporated - Adobe Reader and Acrobat Manager.) -- C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

O53 - SMSR:HKLM\...\startupreg\Adobe Reader Speed Launcher [Key] . (.Adobe Systems Incorporated - Adobe Acrobat SpeedLauncher.) -- C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe

O53 - SMSR:HKLM\...\startupreg\PDF5 Registry Controller [Key] . (.Nuance Communications, Inc. - PDF Converter Registry Controller.) -- C:\Program Files\Nuance\PDF Create 5\RegistryController.exe

O53 - SMSR:HKLM\...\startupreg\PDFHook [Key] . (.Nuance Communications, Inc. - PdfCreateHook Application.) -- C:\Program Files\Nuance\PDF Create 5\pdfcreate5hook.exe

~ Scan SMSR Keys in 00mn 00s

 

 

 

---\\ Microsoft Control Security Providers (O54)

O54 - MCSP:[HKLM\...\CurrentControlSet\Control] - (SecurityProviders) - (.Microsoft Corporation - TS Single Sign On Security Package.) -- C:\Windows\system32\credssp.dll

O54 - MCSP:[HKLM\...\ControlSet001\Control] - (SecurityProviders) - (.Microsoft Corporation - TS Single Sign On Security Package.) -- C:\Windows\system32\credssp.dll

~ Scan Keys in 00mn 00s

 

 

 

---\\ Microsoft Windows Policies System (O55)

O55 - MWPS:[HKLM\...\Policies\System] - "ConsentPromptBehaviorAdmin"=2

O55 - MWPS:[HKLM\...\Policies\System] - "ConsentPromptBehaviorUser"=1

O55 - MWPS:[HKLM\...\Policies\System] - "EnableInstallerDetection"=1

O55 - MWPS:[HKLM\...\Policies\System] - "EnableLUA"=0

O55 - MWPS:[HKLM\...\Policies\System] - "EnableSecureUIAPaths"=1

O55 - MWPS:[HKLM\...\Policies\System] - "EnableVirtualization"=1

O55 - MWPS:[HKLM\...\Policies\System] - "PromptOnSecureDesktop"=1

O55 - MWPS:[HKLM\...\Policies\System] - "ValidateAdminCodeSignatures"=0

O55 - MWPS:[HKLM\...\Policies\System] - "dontdisplaylastusername"=0

O55 - MWPS:[HKLM\...\Policies\System] - "legalnoticecaption"=

O55 - MWPS:[HKLM\...\Policies\System] - "legalnoticetext"=

O55 - MWPS:[HKLM\...\Policies\System] - "scforceoption"=0

O55 - MWPS:[HKLM\...\Policies\System] - "shutdownwithoutlogon"=1

O55 - MWPS:[HKLM\...\Policies\System] - "undockwithoutlogon"=1

O55 - MWPS:[HKLM\...\Policies\System] - "FilterAdministratorToken"=0

O55 - MWPS:[HKLM\...\Policies\System] - "EnableUIADesktopToggle"=0

O55 - MWPS:[HKLM\...\Policies\System] - "DisableRegistryTools"=0

~ Scan Keys in 00mn 00s

 

 

 

---\\ Microsoft Windows Policies Explorer (O56)

O56 - MWPE:[HKCU\...\policies\Explorer] - "NoDrives"=0

O56 - MWPE:[HKLM\...\policies\Explorer] - "BindDirectlyToPropertySetStorage"=0

O56 - MWPE:[HKLM\...\policies\Explorer] - "NoBandCustomize"=0

O56 - MWPE:[HKLM\...\policies\Explorer] - "NoDrives"=0

~ Scan Keys in 00mn 00s

 

 

 

---\\ Liste des Drivers Système (O58)

O58 - SDL:[MD5.651C54AC4EC5C5397C5AFF5D575CA45B] - 30/01/2011 - 08:17:08 ---A- . (.NXP Semiconductors Germany GmbH - 3xHybrid.) -- C:\Windows\system32\drivers\3xHybrid.sys [1302368]

O58 - SDL:[MD5.2EDC5BBAC6C651ECE337BDE8ED97C9FB] - 30/01/2011 - 10:51:38 ---A- . (.Adaptec, Inc. - Adaptec Windows SAS/SATA Storport Driver.) -- C:\Windows\system32\drivers\adp94xx.sys [420968]

O58 - SDL:[MD5.B84088CA3CDCA97DA44A984C6CE1CCAD] - 30/01/2011 - 10:51:32 ---A- . (.Adaptec, Inc. - Adaptec Windows SATA Storport Driver.) -- C:\Windows\system32\drivers\adpahci.sys [297576]

O58 - SDL:[MD5.7880C67BCCC27C86FD05AA2AFB5EA469] - 30/01/2011 - 10:50:35 ---A- . (.Adaptec, Inc. - Adaptec LH Ultra160 Driver (x86).) -- C:\Windows\system32\drivers\adpu160m.sys [98408]

O58 - SDL:[MD5.9AE713F8E30EFC2ABCCD84904333DF4D] - 30/01/2011 - 10:51:00 ---A- . (.Adaptec, Inc. - Adaptec StorPort Ultra320 SCSI Driver.) -- C:\Windows\system32\drivers\adpu320.sys [147048]

O58 - SDL:[MD5.496EDA16A127AC9A38BB285BEF17DBB5] - 07/08/2011 - 15:45:21 ---A- . (.Acer Laboratories Inc. - ALi mini IDE Driver.) -- C:\Windows\system32\drivers\aliide.sys [17592]

O58 - SDL:[MD5.5F673180268BB1FDB69C99B6619FE379] - 30/01/2011 - 10:50:09 ---A- . (.Adaptec, Inc. - Adaptec RAID Storport Driver.) -- C:\Windows\system32\drivers\arc.sys [67688]

O58 - SDL:[MD5.957F7540B5E7F602E44648C7DE5A1C05] - 30/01/2011 - 10:50:10 ---A- . (.Adaptec, Inc. - Adaptec SAS RAID WS03 Driver.) -- C:\Windows\system32\drivers\arcsas.sys [67688]

O58 - SDL:[MD5.9F9ACC7F7CCDE8A15C282D3F88B43309] - 30/01/2011 - 09:24:45 ---A- . (.Brother Industries, Ltd. - Windows ME USB Mass-Storage Bulk-Only Lower Filter Driver.) -- C:\Windows\system32\drivers\BrFiltLo.sys [13568]

O58 - SDL:[MD5.56801AD62213A41F6497F96DEE83755A] - 30/01/2011 - 09:24:46 ---A- . (.Brother Industries, Ltd. - Windows ME USB Mass-Storage Bulk-Only Upper Filter Driver.) -- C:\Windows\system32\drivers\BrFiltUp.sys [5248]

O58 - SDL:[MD5.B304E75CFF293029EDDF094246747113] - 30/01/2011 - 09:25:24 ---A- . (.Brother Industries Ltd. - Pilote Brother Série I/F (WDM).) -- C:\Windows\system32\drivers\BrSerId.sys [71808]

O58 - SDL:[MD5.203F0B1E73ADADBBB7B7B1FABD901F6B] - 30/01/2011 - 09:24:44 ---A- . (.Brother Industries Ltd. - Brother Serial driver (WDM version).) -- C:\Windows\system32\drivers\BrSerWdm.sys [62336]

O58 - SDL:[MD5.BD456606156BA17E60A04E18016AE54B] - 30/01/2011 - 09:24:44 ---A- . (.Brother Industries Ltd. - Brother USB MDM Driver.) -- C:\Windows\system32\drivers\BrUsbMdm.sys [12160]

O58 - SDL:[MD5.AF72ED54503F717A43268B3CC5FAEC2E] - 30/01/2011 - 09:24:47 ---A- . (.Brother Industries Ltd. - Brother USB Serial Driver.) -- C:\Windows\system32\drivers\BrUsbSer.sys [11904]

O58 - SDL:[MD5.B1C737DBFDF2A2F1583D7A1F487390BB] - 30/06/2011 - 17:07:40 ---A- . (.cFos Software GmbH - cFosSpeed Driver.) -- C:\Windows\system32\drivers\cfosspeed.sys [974040]

O58 - SDL:[MD5.DE82681C08EB3840913ED0338CBEE0BA] - 30/01/2011 - 09:37:53 ---A- . (.COMODO - COMODO Internet Security Eradication Driver.) -- C:\Windows\system32\drivers\cmderd.sys [19088]

O58 - SDL:[MD5.BBE32E04E88B0048EC16F1D6C8936C4B] - 30/01/2011 - 09:37:54 ---A- . (.COMODO - COMODO Internet Security Sandbox Driver.) -- C:\Windows\system32\drivers\cmdGuard.sys [238960]

O58 - SDL:[MD5.497590EA7A94B98EA7A4516EBF0FB8D2] - 30/01/2011 - 09:37:55 ---A- . (.COMODO - COMODO Internet Security Helper Driver.) -- C:\Windows\system32\drivers\cmdhlp.sys [36568]

O58 - SDL:[MD5.59172A0724F2AB769F31D61B0571D75B] - 30/01/2011 - 15:45:21 ---A- . (.CMD Technology, Inc. - CMD PCI IDE Bus Driver.) -- C:\Windows\system32\drivers\cmdide.sys [19128]

O58 - SDL:[MD5.AE1FDF7BF7BB6C6A70F67699D880592A] - 30/01/2011 - 10:50:11 ---A- . (.Adaptec, Inc. - Adaptec Ultra SCSI miniport.) -- C:\Windows\system32\drivers\djsvs.sys [71272]

O58 - SDL:[MD5.0AB8D9D7C5AC81FC736D7C208F737570] - 21/06/2011 - 09:18:02 ---A- . (.Ralink Technology, Corp. - Ralink 802.11 USB Wireless Adapter Driver.) -- C:\Windows\system32\drivers\Dr71WU.sys [489984]

O58 - SDL:[MD5.F88FB26547FD2CE6D0A5AF2985892C48] - 30/01/2011 - 08:30:54 ---A- . (.Intel Corporation - Intel® PRO/1000 Adapter NDIS 6 deserialized driver.) -- C:\Windows\system32\drivers\E1G60I32.sys [117760]

O58 - SDL:[MD5.E8F3F21A71720C84BCF423B80028359F] - 30/01/2011 - 10:51:34 ---A- . (.Emulex - Storport Miniport Driver for LightPulse HBAs.) -- C:\Windows\system32\drivers\elxstor.sys [316520]

O58 - SDL:[MD5.DF353B401001246853763C4B7AAA6F50] - 30/01/2011 - 10:50:10 ---A- . (.Hewlett-Packard Company - Smart Array Storport Driver.) -- C:\Windows\system32\drivers\HpCISSs.sys [37480]

O58 - SDL:[MD5.4F28652EC514FA1BA473BC1A695A5C98] - 02/08/2011 - 00:40:12 ---A- . (.AnchorFree Inc. - Hotspot Shield Routing Driver.) -- C:\Windows\system32\drivers\HssDrv.sys [37376]

O58 - SDL:[MD5.C957BF4B5D80B46C5017BF0101E6C906] - 30/01/2011 - 10:51:25 ---A- . (.Intel Corporation - Intel Matrix Storage Manager driver (base).) -- C:\Windows\system32\drivers\iaStorV.sys [232040]

O58 - SDL:[MD5.2D077BF86E843F901D8DB709C95B49A5] - 30/01/2011 - 10:50:17 ---A- . (.Intel Corp./ICP vortex GmbH - Intel/ICP Raid Storport Driver.) -- C:\Windows\system32\drivers\iirsp.sys [41576]

O58 - SDL:[MD5.1C65E930ABA113F2CE59D32C7D8BC03F] - 30/01/2011 - 09:37:56 ---A- . (.COMODO - COMODO Internet Security Firewall Driver.) -- C:\Windows\system32\drivers\inspect.sys [82400]

O58 - SDL:[MD5.BCED60D16156E428F8DF8CF27B0DF150] - 30/01/2011 - 10:50:07 ---A- . (.Integrated Technology Express, Inc. - ITE IT8211 ATA/ATAPI SCSI miniport.) -- C:\Windows\system32\drivers\iteatapi.sys [35944]

O58 - SDL:[MD5.06FA654504A498C30ADCA8BEC4E87E7E] - 30/01/2011 - 10:50:09 ---A- . (.Integrated Technology Express, Inc. - ITE IT8212 ATA RAID SCSI miniport.) -- C:\Windows\system32\drivers\iteraid.sys [35944]

O58 - SDL:[MD5.A2262FB9F28935E862B4DB46438C80D2] - 30/01/2011 - 10:50:04 ---A- . (.LSI Logic - LSI Logic Fusion-MPT FC Driver (StorPort).) -- C:\Windows\system32\drivers\lsi_fc.sys [65640]

O58 - SDL:[MD5.30D73327D390F72A62F32C103DAF1D6D] - 30/01/2011 - 10:50:05 ---A- . (.LSI Logic - LSI Logic Fusion-MPT SAS Driver (StorPort).) -- C:\Windows\system32\drivers\lsi_sas.sys [65640]

O58 - SDL:[MD5.E1E36FEFD45849A95F1AB81DE0159FE3] - 30/01/2011 - 10:50:10 ---A- . (.LSI Logic - LSI Logic Fusion-MPT SCSI Driver (StorPort).) -- C:\Windows\system32\drivers\lsi_scsi.sys [65640]

O58 - SDL:[MD5.03E86718BB5AA2716C7349A854FF6203] - 30/01/2011 - 11:14:38 ---A- . (.Labtec Inc. - Logitech Elch 2 Video Driver.) -- C:\Windows\system32\drivers\LV561AV.SYS [211712]

O58 - SDL:[MD5.C7FCB579956B7FDE002E6E9DE36728D3] - 30/01/2011 - 11:11:16 ---A- . (.Labtec Inc. - USB Statistic Driver.) -- C:\Windows\system32\drivers\LVUSBSta.sys [22016]

O58 - SDL:[MD5.ECA00EED9AB95489007B0EF84C7149DE] - 30/01/2011 - 18:52:42 ---A- . (.Malwarebytes Corporation - Malwarebytes' Anti-Malware.) -- C:\Windows\system32\drivers\mbam.sys [22712]

O58 - SDL:[MD5.B18225739ED9CAA83BA2DF966E9F43E8] - 16/07/2011 - 18:52:42 ---A- . (.Malwarebytes Corporation - Malwarebytes' Anti-Malware.) -- C:\Windows\system32\drivers\mbamswissarmy.sys [41272]

O58 - SDL:[MD5.AF61A1C34E2D3F7543F9CCFC323170B8] - 30/01/2011 - 16:19:28 ---A- . (.MagicISO, Inc. - MagicISO SCSI Host Controller.) -- C:\Windows\system32\drivers\mcdbus.sys [116736]

O58 - SDL:[MD5.D153B14FC6598EAE8422A2037553ADCE] - 30/01/2011 - 10:49:53 ---A- . (.LSI Logic Corporation - MEGASAS RAID Controller Driver for Windows Vista/Longhorn for x.) -- C:\Windows\system32\drivers\megasas.sys [28776]

O58 - SDL:[MD5.4FBBB70D30FD20EC51F80061703B001E] - 30/01/2011 - 10:49:59 ---A- . (.LSI Logic Corporation - MegaRAID RAID Controller Driver for Windows Vista/Longhorn for.) -- C:\Windows\system32\drivers\Mraid35x.sys [33384]

O58 - SDL:[MD5.9BA2F93E4F01EC58E722B36639E0CE5D] - 30/01/2011 - 10:38:22 ---A- . (.Ralink Technology Corp. - Ralink 802.11n Wireless Adapter Driver.) -- C:\Windows\system32\drivers\netr28u.sys [554496]

O58 - SDL:[MD5.2E7FB731D4790A1BC6270ACCEFACB36E] - 30/01/2011 - 10:50:19 ---A- . (.IBM Corporation - IBM ServeRAID Controller Driver.) -- C:\Windows\system32\drivers\nfrd960.sys [45160]

O58 - SDL:[MD5.E875C093AEC0C978A90F30C9E0DFBB72] - 30/01/2011 - 08:36:50 ---A- . (.N-trig Innovative Technologies - Pilote intégré de digitalisateur de tablette N-trig.) -- C:\Windows\system32\drivers\ntrigdigi.sys [20608]

O58 - SDL:[MD5.96C27791D5AE5C77E37C61B15112E38D] - 08/05/2011 - 16:59:19 ---A- . (.NVIDIA Corporation - NVIDIA HDMI Audio Driver.) -- C:\Windows\system32\drivers\nvhda32v.sys [139368]

O58 - SDL:[MD5.847B1755F7757F825305A1FFE6DAC3E9] - 21/05/2011 - 05:01:00 ---A- . (.NVIDIA Corporation - NVIDIA Windows Kernel Mode Driver, Version 275.33.) -- C:\Windows\system32\drivers\nvlddmkm.sys [10589800]

O58 - SDL:[MD5.D668632606D1CEBF0B6EC64C1DF7ED6F] - 30/01/2011 - 02:39:50 ---A- . (.NVIDIA Corporation - NVIDIA MCP Networking Function Driver..) -- C:\Windows\system32\drivers\nvmfdx32.sys [1040544]

O58 - SDL:[MD5.9E0BA19A28C498A6D323D065DB76DFFC] - 30/01/2011 - 10:50:13 ---A- . (.NVIDIA Corporation - NVIDIA® nForce Sata Performance Driver.) -- C:\Windows\system32\drivers\nvstor.sys [40040]

O58 - SDL:[MD5.4876E7C3184BDF50EDE043FEF616B867] - 30/01/2011 - 11:23:20 ---A- . (.NVIDIA Corporation - NVIDIA® nForce Sata Performance Driver.) -- C:\Windows\system32\drivers\nvstor32.sys [115744]

O58 - SDL:[MD5.CCDAC889326317792480C0A67156A1EC] - 30/01/2011 - 10:51:45 ---A- . (.QLogic Corporation - QLogic Fibre Channel Stor Miniport Driver.) -- C:\Windows\system32\drivers\ql2300.sys [900712]

O58 - SDL:[MD5.81A7E5C076E59995D54BC1ED3A16E60B] - 30/01/2011 - 10:50:35 ---A- . (.QLogic Corporation - QLogic iSCSI Storport Miniport Driver.) -- C:\Windows\system32\drivers\ql40xx.sys [106088]

O58 - SDL:[MD5.56661BEAE591E59067710B6CBCA78184] - 30/01/2011 - 17:13:00 ---A- . (.Realtek Semiconductor Corp. - Realtek® High Definition Audio Function Driver.) -- C:\Windows\system32\drivers\RTKVHDA.sys [2016920]

O58 - SDL:[MD5.90A3935D05B494A5A39D37E71F09A677] - 30/01/2011 - 07:37:21 ---A- . (.Macrovision Corporation, Macrovision Europe - Macrovision SECURITY Driver.) -- C:\Windows\system32\drivers\secdrv.sys [20480]

O58 - SDL:[MD5.CEDD6F4E7D84E9F98B34B3FE988373AA] - 30/01/2011 - 10:50:10 ---A- . (.Silicon Integrated Systems Corp. - SiS RAID Stor Miniport Driver.) -- C:\Windows\system32\drivers\sisraid2.sys [38504]

O58 - SDL:[MD5.DF843C528C4F69D12CE41CE462E973A7] - 30/01/2011 - 10:50:16 ---A- . (.Silicon Integrated Systems - SiS AHCI Stor-Miniport Driver.) -- C:\Windows\system32\drivers\sisraid4.sys [71784]

O58 - SDL:[MD5.5CE1CF27620B144E212D407CDB14D339] - 30/01/2011 - 17:32:07 ---A- . (.Acronis - Acronis Snapshot API.) -- C:\Windows\system32\drivers\snman380.sys [134272]

O58 - SDL:[MD5.D41D8CD98F00B204E9800998ECF8427E] - 30/01/2011 - 00:00:00 ---A- . (...) -- C:\Windows\system32\drivers\sptd.sys [717296]

O58 - SDL:[MD5.192AA3AC01DF071B541094F251DEED10] - 30/01/2011 - 10:50:05 ---A- . (.LSI Logic - LSI Logic 8XX SCSI Miniport Driver.) -- C:\Windows\system32\drivers\symc8xx.sys [35944]

O58 - SDL:[MD5.8C8EB8C76736EBAF3B13B633B2E64125] - 30/01/2011 - 10:49:56 ---A- . (.LSI Logic - LSI Logic Hi-Perf SCSI Miniport Driver.) -- C:\Windows\system32\drivers\sym_hi.sys [31848]

O58 - SDL:[MD5.8072AF52B5FD103BBBA387A1E49F62CB] - 30/01/2011 - 10:50:03 ---A- . (.LSI Logic - LSI Logic Ultra160 SCSI Miniport Driver.) -- C:\Windows\system32\drivers\sym_u3.sys [34920]

O58 - SDL:[MD5.0C3B2A9C4BD2DD9A6C2E4084314DD719] - 30/01/2011 - 00:42:40 ---A- . (.AnchorFree Inc - TAP-Win32 Virtual Network Driver.) -- C:\Windows\system32\drivers\taphss.sys [32768]

O58 - SDL:[MD5.BE7B1A73272648622B39BE3C610E3CA0] - 30/01/2011 - 17:32:18 ---A- . (.Acronis - Acronis Try&Decide Volume Filter Driver.) -- C:\Windows\system32\drivers\tdrpm147.sys [971232]

O58 - SDL:[MD5.6DCB8DDB481CD3C40FA68593723B4D89] - 30/01/2011 - 17:32:11 ---A- . (.Acronis - Acronis True Image File System Filter.) -- C:\Windows\system32\drivers\tifsfilt.sys [44704]

O58 - SDL:[MD5.394FC70B88B7958FA85798BBC76D140A] - 30/01/2011 - 17:32:11 ---A- . (.Acronis - Acronis True Image Backup Archive Explorer.) -- C:\Windows\system32\drivers\timntr.sys [540000]

O58 - SDL:[MD5.7E55CBC1F285258C0475A8337F5BA324] - 30/01/2011 - 00:34:04 ---A- . (.High Criteria inc. - Total Recorder WDM audio driver.) -- C:\Windows\system32\drivers\TotRec7.sys [120472]

O58 - SDL:[MD5.3CD4EA35A6221B85DCC25DAA46313F8D] - 30/01/2011 - 10:51:25 ---A- . (.ULi Electronics Inc. - ULi SATA Controller Driver.) -- C:\Windows\system32\drivers\uliahci.sys [235112]

O58 - SDL:[MD5.8514D0E5CD0534467C5FC61BE94A569F] - 30/01/2011 - 10:50:35 ---A- . (.Promise Technology, Inc. - Promise Ultra/Sata Series Driver for Win2003.) -- C:\Windows\system32\drivers\ulsata.sys [98408]

O58 - SDL:[MD5.38C3C6E62B157A6BC46594FADA45C62B] - 30/01/2011 - 10:50:45 ---A- . (.Promise Technology, Inc. - Promise SATAII150 Series Windows Drivers.) -- C:\Windows\system32\drivers\ulsata2.sys [115816]

O58 - SDL:[MD5.7AA7EC9A08DC2C39649C413B1A26E298] - 30/01/2011 - 15:45:21 ---A- . (.VIA Technologies, Inc. - VIA Generic PCI IDE Bus Driver.) -- C:\Windows\system32\drivers\viaide.sys [20152]

O58 - SDL:[MD5.D984439746D42B30FC65A4C3546C6829] - 30/01/2011 - 10:50:41 ---A- . (.VIA Technologies Inc.,Ltd - VIA RAID DRIVER FOR X86-32.) -- C:\Windows\system32\drivers\vsmraid.sys [112232]

O58 - SDL:[MD5.59C90BC8317BD3F6E5559A4DEAF35090] - 23/07/2011 - 18:13:20 ---A- . (.Logicool Co. Ltd. - Logicool WingMan Virtual Bus Enumerator Driver.) -- C:\Windows\system32\drivers\WmBEnum.sys [19336]

O58 - SDL:[MD5.999A4539AD634A741AFD357E290BD461] - 23/07/2011 - 18:13:28 ---A- . (.Logicool Co. Ltd. - Logicool WingMan Hid Filter Driver.) -- C:\Windows\system32\drivers\WmFilter.sys [29192]

O58 - SDL:[MD5.0B8C64B13776F17537F0705FE62799C6] - 23/07/2011 - 18:13:44 ---A- . (.Logicool Co. Ltd. - Logicool WingMan Virtual Hid Device Driver.) -- C:\Windows\system32\drivers\WmVirHid.sys [14728]

O58 - SDL:[MD5.8D388AEB1A12C1192AA9B4EBCEABCBA6] - 23/07/2011 - 18:13:52 ---A- . (.Logicool Co. Ltd. - Logicool WingMan Translation Driver.) -- C:\Windows\system32\drivers\WmXlCore.sys [49160]

O58 - SDL:[MD5.AB2D77BF7222B007717ABB61B15F9AE2] - 30/01/2011 - 10:31:04 ---A- . (.X10 Wireless Technology, Inc. - X10 HID Control Interface.) -- C:\Windows\system32\drivers\x10hid.sys [13976]

O58 - SDL:[MD5.6BBF7A3BAB8FFDCCF82057FA2AAE2B7B] - 30/01/2011 - 15:18:18 ---A- . (.X10 Wireless Technology, Inc. - X10 USB Control Interface.) -- C:\Windows\system32\drivers\x10ufx2.sys [27416]

O58 - SDL:[MD5.8AAD333C876590293F72B315E162BCC7] - 07/08/2011 - 08:09:42 ---A- . (...) -- C:\Windows\system32\ANSI.SYS [9029]

O58 - SDL:[MD5.0FE9F16075C9ACB941C957B7C649176E] - 07/08/2011 - 08:09:45 ---A- . (...) -- C:\Windows\system32\country.sys [27097]

O58 - SDL:[MD5.539CA34FBC74EC366A0D751028C32A08] - 07/08/2011 - 09:57:54 ---A- . (...) -- C:\Windows\system32\epmntdrv.sys [14216]

O58 - SDL:[MD5.1F2F4AB15CE03ECC257FEB2F6DC5A013] - 07/08/2011 - 09:57:54 ---A- . (...) -- C:\Windows\system32\EuGdiDrv.sys [8456]

O58 - SDL:[MD5.E6BC0F98FECEF245A0010D350C1A0B9B] - 07/08/2011 - 08:09:41 ---A- . (...) -- C:\Windows\system32\HIMEM.SYS [4768]

O58 - SDL:[MD5.492090267B9608C62B956CD29BE3AFB7] - 07/08/2011 - 08:09:44 ---A- . (...) -- C:\Windows\system32\KEY01.SYS [42809]

O58 - SDL:[MD5.FBBCFEC1379C5C02D88A361993EDF1B8] - 07/08/2011 - 08:09:44 ---A- . (...) -- C:\Windows\system32\KEYBOARD.SYS [42537]

O58 - SDL:[MD5.FFFF296A08DBF2AC0126C62E3778AC0D] - 07/08/2011 - 08:09:29 ---A- . (...) -- C:\Windows\system32\NTDOS.SYS [27866]

O58 - SDL:[MD5.CF9ED169FF86D935E47999E82359E898] - 07/08/2011 - 08:09:35 ---A- . (...) -- C:\Windows\system32\NTDOS404.SYS [29146]

O58 - SDL:[MD5.03B945AC0481CD8BB161C3569D8ED1C3] - 07/08/2011 - 08:09:38 ---A- . (...) -- C:\Windows\system32\NTDOS411.SYS [29370]

O58 - SDL:[MD5.BBC957DC18C17CC027EB80B7C77F2AEA] - 07/08/2011 - 08:09:40 ---A- . (...) -- C:\Windows\system32\NTDOS412.SYS [29274]

O58 - SDL:[MD5.3CFFAEFFF23B0D208214A6D3061A5B1B] - 07/08/2011 - 08:09:31 ---A- . (...) -- C:\Windows\system32\NTDOS804.SYS [29146]

O58 - SDL:[MD5.2E4112FB7D1B76E11ADFD7487B5D0E95] - 07/08/2011 - 08:09:20 ---A- . (...) -- C:\Windows\system32\NTIO.SYS [33952]

O58 - SDL:[MD5.A98EBD4C2DF983665BF2D1AF49949974] - 07/08/2011 - 08:09:23 ---A- . (...) -- C:\Windows\system32\NTIO404.SYS [34672]

O58 - SDL:[MD5.3F7E6406EDEF197C5CAAB2240EEF6F48] - 07/08/2011 - 08:09:24 ---A- . (...) -- C:\Windows\system32\NTIO411.SYS [35776]

O58 - SDL:[MD5.3E64D681B776CC57BDC38A46D881F85B] - 07/08/2011 - 08:09:26 ---A- . (...) -- C:\Windows\system32\NTIO412.SYS [35536]

O58 - SDL:[MD5.D86B6435729231C171432B4E77801BDB] - 07/08/2011 - 08:09:22 ---A- . (...) -- C:\Windows\system32\NTIO804.SYS [34672]

~ Scan Drivers in 00mn 02s

 

 

 

---\\ Liste des outils de nettoyage (O63)

O63 - Logiciel: ZHPDiag 1.28 - (.Nicolas Coolman.) [HKLM] -- ZHPDiag_is1

O63 - Logiciel: RSIT - (.random/random.)

~ Scan ADS in 00mn 00s

 

 

 

---\\ Liste des services Legacy (O64)

O64 - Services: CurCS - 29/10/2008 - C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe - Acronis Scheduler2 Service(AcrSch2Svc) .(.Acronis - Acronis Scheduler 2.) - LEGACY_ACRSCH2SVC

O64 - Services: CurCS - ??/??/???? - C:\Users\Patouche\AppData\Local\Temp\catchme.sys (.not file.) - catchme (catchme) .(...) - LEGACY_CATCHME

O64 - Services: CurCS - 30/06/2011 - C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe - COMODO Internet Security Helper Service(cmdAgent) .(.COMODO - COMODO Internet Security.) - LEGACY_CMDAGENT

O64 - Services: CurCS - 30/06/2011 - C:\Windows\system32\DRIVERS\cmderd.sys - COMODO Internet Security Eradication Driver(cmderd) .(.COMODO - COMODO Internet Security Eradication Driver.) - LEGACY_CMDERD

O64 - Services: CurCS - 30/06/2011 - C:\Windows\system32\DRIVERS\cmdguard.sys - COMODO Internet Security Sandbox Driver(cmdGuard) .(.COMODO - COMODO Internet Security Sandbox Driver.) - LEGACY_CMDGUARD

O64 - Services: CurCS - 30/06/2011 - C:\Windows\system32\DRIVERS\cmdhlp.sys - COMODO Internet Security Helper Driver(cmdHlp) .(.COMODO - COMODO Internet Security Helper Driver.) - LEGACY_CMDHLP

O64 - Services: CurCS - 25/09/2007 - C:\Program Files\MediaCoder\sysInfo.sys - CrystalSysInfo (CrystalSysInfo) .(...) - LEGACY_CRYSTALSYSINFO

O64 - Services: CurCS - 24/03/2011 - C:\Windows\system32\epmntdrv.sys - epmntdrv (epmntdrv) .(...) - LEGACY_EPMNTDRV

O64 - Services: CurCS - 24/03/2011 - C:\Windows\system32\EuGdiDrv.sys - EuGdiDrv (EuGdiDrv) .(...) - LEGACY_EUGDIDRV

O64 - Services: CurCS - 30/06/2011 - C:\Windows\system32\DRIVERS\inspect.sys - COMODO Internet Security Firewall Driver(Inspect) .(.COMODO - COMODO Internet Security Firewall Driver.) - LEGACY_INSPECT

O64 - Services: CurCS - ??/??/???? - C:\Users\Patouche\AppData\Local\Temp\mbr.sys (.not file.) - mbr (mbr) .(...) - LEGACY_MBR

O64 - Services: CurCS - 25/01/2007 - C:\Program Files\Common Files\NMSAccessU.exe - NMSAccessU (NMSAccessU) .(...) - LEGACY_NMSACCESSU

O64 - Services: CurCS - 04/04/2009 - C:\Program Files\SUPERAntiSpyware\SASDIFSV.sys - SASDIFSV(SASDIFSV) .(.SUPERAdBlocker.com and SUPERAntiSpyware.com - SASDIFSV.SYS.) - LEGACY_SASDIFSV

O64 - Services: CurCS - 17/11/2008 - C:\Program Files\SUPERAntiSpyware\SASENUM.sys - SASENUM(SASENUM) .(. SUPERAdBlocker.com and SUPERAntiSpyware.co - SASENUM.SYS.) - LEGACY_SASENUM

O64 - Services: CurCS - 21/09/2009 - C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys - SASKUTIL(SASKUTIL) .(.SUPERAdBlocker.com and SUPERAntiSpyware.com - SASKUTIL.SYS.) - LEGACY_SASKUTIL

O64 - Services: CurCS - 01/12/2009 - C:\Program Files\Sandboxie\SbieDrv.sys - SbieDrv(SbieDrv) .(.tzuk - Sandboxie Kernel Mode Driver.) - LEGACY_SBIEDRV

O64 - Services: CurCS - ??/??/???? - C:\Windows\system32\Drivers\sptd.sys - sptd (sptd) .(...) - LEGACY_SPTD

O64 - Services: CurCS - 13/01/2009 - C:\Windows\system32\DRIVERS\tifsfilt.sys - Acronis True Image FS Filter(tifsfilter) .(.Acronis - Acronis True Image File System Filter.) - LEGACY_TIFSFILTER

~ Scan Services in 00mn 03s

 

 

 

---\\ File Associations Shell Spawning (O67)

O67 - Shell Spawning: <.bat> <batfile>[HKLM\..\open\Command] (. - .) -- "%1" %*

O67 - Shell Spawning: <.cpl> <cplfile>[HKLM\..\cplopen\Command] (.Microsoft Corporation - DLL commune du shell Windows.) -- C:\Windows\system32\shell32.dll

O67 - Shell Spawning: <.cmd> <cmdfile>[HKLM\..\open\Command] (.Microsoft Corporation - DLL commune du shell Windows.) -- "%1" %*

O67 - Shell Spawning: <.com> <ComFile>[HKLM\..\open\Command] (.Microsoft Corporation - DLL commune du shell Windows.) -- "%1" %*

O67 - Shell Spawning: <.exe> <exefile>[HKLM\..\open\Command] (...) -- "%1" %*

O67 - Shell Spawning: <.html> <htmlfile>[HKLM\..\open\Command] (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe

O67 - Shell Spawning: <.js> <JSFile>[HKLM\..\open\Command] (.Microsoft Corporation - Microsoft ® Windows Based Script Host.) -- C:\Windows\System32\WScript.exe

O67 - Shell Spawning: <.reg> <regfile>[HKLM\..\open\Command] (.Microsoft Corporation - Éditeur du Registre.) -- C:\Windows\regedit.exe

O67 - Shell Spawning: <.html> <FirefoxHTML>[HKCU\..\open\Command] (.Mozilla Corporation - Firefox.) -- C:\Program Files\Mozilla Firefox\firefox.exe

O67 - Shell Spawning: <.bat> <batfile>[HKCR\..\open\Command] (...) -- "%1" %*

O67 - Shell Spawning: <.cpl> <cplfile>[HKCR\..\cplopen\Command] (.Microsoft Corporation - DLL commune du shell Windows.) -- C:\Windows\system32\shell32.dll

O67 - Shell Spawning: <.cmd> <cmdfile>[HKCR\..\open\Command] (.Microsoft Corporation - DLL commune du shell Windows.) -- "%1" %*

O67 - Shell Spawning: <.com> <ComFile>[HKCR\..\open\Command] (.Microsoft Corporation - DLL commune du shell Windows.) -- "%1" %*

O67 - Shell Spawning: <.exe> <exefile>[HKCR\..\open\Command] (...) -- "%1" %*

O67 - Shell Spawning: <.html> <FirefoxHTML>[HKCR\..\open\Command] (.Mozilla Corporation - Firefox.) -- C:\Program Files\Mozilla Firefox\firefox.exe

O67 - Shell Spawning: <.js> <JSFile>[HKCR\..\open\Command] (.Microsoft Corporation - Microsoft ® Windows Based Script Host.) -- C:\Windows\System32\WScript.exe

O67 - Shell Spawning: <.reg> <regfile>[HKCR\..\open\Command] (.Microsoft Corporation - Éditeur du Registre.) -- C:\Windows\regedit.exe

~ Scan Keys in 00mn 00s

 

 

 

---\\ Start Menu Internet (O68)

O68 - StartMenuInternet: <FIREFOX.EXE> <Mozilla Firefox>[HKLM\..\Shell\open\Command] (.Mozilla Corporation - Firefox.) -- C:\Program Files\Mozilla Firefox\firefox.exe

O68 - StartMenuInternet: <IEXPLORE.EXE> <Internet Explorer>[HKLM\..\Shell\open\Command] (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe

~ Scan Keys in 00mn 00s

 

 

 

---\\ Search Browser Infection (O69)

O69 - SBI: SearchScopes [HKCU] {67A2568C-7A0A-4EED-AECC-B5405DE63B64} [DefaultScope] - (Google) - Google

O69 - SBI: SearchScopes [HKCU] {afdbddaa-5d3f-42ee-b79c-185a7020515b} - (Hotspot Shield Customized Web Search) - http://search.conduit.com

O69 - SBI: SearchScopes [HKCU] {c99fdc39-a1ae-4b24-8d71-e5274f8d7c54} - (Private Search) - http://search.hotspotshield.com

~ Scan Keys in 00mn 00s

 

 

 

---\\ Recherche particuliere à la racine de certains dossiers (O84)

[MD5.945D09C0925F771F907DEE3D0452ECF4] [sPRF][11/08/2011] (.Realtek - rtdrvmon.) -- C:\Users\Patouche\AppData\Local\Temp\rtdrvmon.exe [40960]

[MD5.503D8B4497FD2EE1F8212FD4A3ECD2B0] [sPRF][22/07/2011] (.Logitech - Pas de description.) -- C:\Users\Patouche\Desktop\driver joystick logitech precision xp&vista.exe [13876432]

[MD5.B3575BA6D7596C2A0366F54F7E698156] [sPRF][20/01/2011] (...) -- C:\Users\Patouche\Desktop\Simon.exe [1242454]

[MD5.DAB14AB84B651318A5F7CD8C7DB991A4] [sPRF][31/07/2011] (.Gibson Research Corp. - Universal Plug & Play Enable/Disable..) -- C:\Users\Patouche\Desktop\UnPnP.exe [22528]

[MD5.3FEA9D2EDF23B0283C7A66C8DEA380BD] [sPRF][25/07/2002] (.InstallShield Software Corporation - InstallShield Update Service Setup Player Module.) -- C:\Windows\Downloaded Program Files\dwusplay.dll [24576]

[MD5.CDBE35EA59BC9223E4F800BD1DB82D27] [sPRF][25/07/2002] (.InstallShield Software Corporation - InstallShield Update Service Setup Player.) -- C:\Windows\Downloaded Program Files\dwusplay.exe [196608]

[MD5.0C78701C6F42345DFF2B2B6C3C3D01EF] [sPRF][25/07/2002] (.InstallShield Software Corporation - InstallShield Update Service Web Agent.) -- C:\Windows\Downloaded Program Files\isusweb.dll [172032]

~ Scan Files in 00mn 00s

 

 

 

---\\ Firewall Active Exception List (FirewallRules) (O87)

O87 - FAEL: "{915F3C44-2AC4-40D6-8C72-012FD5AC2319}" | In - None - P17 - TRUE | .(.CyberLink Corp. - MakeDisc.) -- C:\Program Files\HomeCinema\MakeDisc\MakeDisc.exe

O87 - FAEL: "{70DF0481-5AE2-4957-B072-D0CA13455CC6}" | In - None - P17 - TRUE | .(.CyberLink Corp. - PowerDirector.) -- C:\Program Files\HomeCinema\PowerDirector\PDR.exe

O87 - FAEL: "{558BFA19-D1F3-4648-9F16-7A7EBCCEBD2D}" | In - None - P17 - TRUE | .(.CyberLink Corp. - PowerDVD.) -- C:\Program Files\HomeCinema\PowerDVD\PowerDVD.exe

O87 - FAEL: "{35AD0F8D-5639-4C9C-9DC1-AE87ADA5F1BF}" | In - Private - P6 - TRUE | .(.BitTorrent, Inc. - µTorrent.) -- C:\Program Files\uTorrent\uTorrent.exe

O87 - FAEL: "{3F95FEDC-CD48-450A-A71E-E68D9220F758}" | In - Private - P17 - TRUE | .(.BitTorrent, Inc. - µTorrent.) -- C:\Program Files\uTorrent\uTorrent.exe

O87 - FAEL: "TCP Query User{52E63CA1-8A04-4847-B728-F486703B3FE6}C:\vietcong\vietcong.exe" | In - Public - P6 - TRUE | .(...) -- C:\vietcong\vietcong.exe

O87 - FAEL: "UDP Query User{C0A20C5D-1F1D-4E0C-BBA3-1A32F5702E65}C:\vietcong\vietcong.exe" | In - Public - P17 - TRUE | .(...) -- C:\vietcong\vietcong.exe

O87 - FAEL: "TCP Query User{0556B251-244E-428F-B74B-760AA79FA315}C:\program files\mozilla firefox\firefox.exe" | In - Private - P6 - TRUE | .(.Mozilla Corporation - Firefox.) -- C:\program files\mozilla firefox\firefox.exe

O87 - FAEL: "UDP Query User{5599CD0F-B146-4C7B-87B7-7A02C0F18511}C:\program files\mozilla firefox\firefox.exe" | In - Private - P17 - TRUE | .(.Mozilla Corporation - Firefox.) -- C:\program files\mozilla firefox\firefox.exe

O87 - FAEL: "{42256B95-8EEE-445D-B0A8-7FC2250B589E}" | In - Private - P6 - TRUE | .(.Gas Powered Games - Dungeon Siege 2 Game Executable.) -- C:\Program Files\Microsoft Games\Dungeon Siege 2\DungeonSiege2.exe

O87 - FAEL: "{4485D963-83DD-4606-83D4-3F12F1777BB0}" | In - Private - P17 - TRUE | .(.Gas Powered Games - Dungeon Siege 2 Game Executable.) -- C:\Program Files\Microsoft Games\Dungeon Siege 2\DungeonSiege2.exe

O87 - FAEL: "TCP Query User{36426AAB-EEFD-46F7-B51B-DA6F11405758}C:\program files\utorrent\utorrent.exe" | In - Public - P6 - TRUE | .(.BitTorrent, Inc. - µTorrent.) -- C:\program files\utorrent\utorrent.exe

O87 - FAEL: "UDP Query User{479F9FE1-8FB2-468B-8A57-AAFFA75EB5B7}C:\program files\utorrent\utorrent.exe" | In - Public - P17 - TRUE | .(.BitTorrent, Inc. - µTorrent.) -- C:\program files\utorrent\utorrent.exe

O87 - FAEL: "{3239C7FC-8A00-48A7-BC0F-117D20017188}" | In - Private - P6 - TRUE | .(.Yahoo! Inc. - Yahoo! Messenger.) -- C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe

O87 - FAEL: "{4B9FECCA-A312-47EE-807A-854F47C313AC}" | In - Private - P17 - TRUE | .(.Yahoo! Inc. - Yahoo! Messenger.) -- C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe

O87 - FAEL: "TCP Query User{A8181ECD-242D-4D10-9A3E-71CE909375C2}C:\program files\free download manager\fdmwi.exe" | In - Public - P6 - TRUE | .(...) -- C:\program files\free download manager\fdmwi.exe

O87 - FAEL: "UDP Query User{C234F548-F519-4275-ADD4-B409D7F1495E}C:\program files\free download manager\fdmwi.exe" | In - Public - P17 - TRUE | .(...) -- C:\program files\free download manager\fdmwi.exe

O87 - FAEL: "TCP Query User{CE08CD50-123B-453B-9115-C85D581FC54B}C:\users\patouche\logiciels vrac\charon\charon.exe" | In - Public - P6 - TRUE | .(...) -- C:\users\patouche\logiciels vrac\charon\charon.exe

O87 - FAEL: "UDP Query User{337526CB-9E61-494C-88FD-CA26EBA36302}C:\users\patouche\logiciels vrac\charon\charon.exe" | In - Public - P17 - TRUE | .(...) -- C:\users\patouche\logiciels vrac\charon\charon.exe

O87 - FAEL: "TCP Query User{D79D032B-DFFF-4A43-9187-4FC13552353E}C:\program files\videolan\vlc\vlc.exe" | In - Public - P6 - TRUE | .(...) -- C:\program files\videolan\vlc\vlc.exe

O87 - FAEL: "UDP Query User{100C1AA6-E91E-4AC2-BEA3-6F8DA3B9F6CE}C:\program files\videolan\vlc\vlc.exe" | In - Public - P17 - TRUE | .(...) -- C:\program files\videolan\vlc\vlc.exe

O87 - FAEL: "TCP Query User{B17CF5A0-7D21-42B8-8CFF-7DF6BB155C1C}C:\program files\free download manager\fdm.exe" | In - Public - P6 - TRUE | .(.FreeDownloadManager.ORG - Free Download Manager.) -- C:\program files\free download manager\fdm.exe

O87 - FAEL: "UDP Query User{BE529950-976E-4610-A113-0E0A32BEA0B5}C:\program files\free download manager\fdm.exe" | In - Public - P17 - TRUE | .(.FreeDownloadManager.ORG - Free Download Manager.) -- C:\program files\free download manager\fdm.exe

O87 - FAEL: "TCP Query User{6E8227A8-D9F4-4E13-9640-F0A442F51C1E}C:\program files\paltalk messenger\paltalk.exe" | In - Public - P6 - TRUE | .(.AVM Software Inc. - PaltalkScene.) -- C:\program files\paltalk messenger\paltalk.exe

O87 - FAEL: "UDP Query User{8F2C6B48-8A66-4DC5-A933-BE4781664F33}C:\program files\paltalk messenger\paltalk.exe" | In - Public - P17 - TRUE | .(.AVM Software Inc. - PaltalkScene.) -- C:\program files\paltalk messenger\paltalk.exe

O87 - FAEL: "TCP Query User{7CA6C358-2566-4A92-BD41-3B7150CC3E46}C:\program files\yahoo!\messenger\yahoomessenger.exe" | In - Public - P6 - TRUE | .(.Yahoo! Inc. - Yahoo! Messenger.) -- C:\program files\yahoo!\messenger\yahoomessenger.exe

O87 - FAEL: "UDP Query User{3FBD3E98-70EA-4362-9A2A-5F10D85539A1}C:\program files\yahoo!\messenger\yahoomessenger.exe" | In - Public - P17 - TRUE | .(.Yahoo! Inc. - Yahoo! Messenger.) -- C:\program files\yahoo!\messenger\yahoomessenger.exe

O87 - FAEL: "TCP Query User{7021F29B-229E-4D80-8509-68D09FD80D37}C:\program files\mozilla firefox\firefox.exe" | In - Public - P6 - TRUE | .(.Mozilla Corporation - Firefox.) -- C:\program files\mozilla firefox\firefox.exe

O87 - FAEL: "UDP Query User{FF938056-CA88-43D4-8904-031875C9ADDC}C:\program files\mozilla firefox\firefox.exe" | In - Public - P17 - TRUE | .(.Mozilla Corporation - Firefox.) -- C:\program files\mozilla firefox\firefox.exe

O87 - FAEL: "TCP Query User{83C26AF0-F13F-4D53-A6A9-25CF39C2BA14}C:\users\patouche\documents\transfert maxtor 40\program files\free download manager\fdmwi.exe" | In - Public - P6 - TRUE | .(...) -- C:\users\patouche\documents\transfert maxtor 40\program

O87 - FAEL: "UDP Query User{780910C5-AF30-4EC0-A8FA-6F95C49A2F53}C:\users\patouche\documents\transfert maxtor 40\program files\free download manager\fdmwi.exe" | In - Public - P17 - TRUE | .(...) -- C:\users\patouche\documents\transfert maxtor 40\program

O87 - FAEL: "TCP Query User{CEF5FFC6-C9C4-4F4D-A2E4-4F08A984ED97}C:\users\patouche\documents\transfert maxtor 40\program files\skype\phone\skype.exe" | In - Public - P6 - TRUE | .(.Skype Technologies S.A..) -- C:\users\patouche\documents\transfert maxtor

O87 - FAEL: "UDP Query User{76E9E3D0-C271-454D-8B19-1D76AA4000FE}C:\users\patouche\documents\transfert maxtor 40\program files\skype\phone\skype.exe" | In - Public - P17 - TRUE | .(.Skype Technologies S.A..) -- C:\users\patouche\documents\transfert maxto

O87 - FAEL: "{F70FB5D8-ABE6-404B-819B-5074EA3A7E9F}" | In - None - P17 - TRUE | .(.Skype Technologies S.A. - Skype.) -- C:\Users\Patouche\Documents\Transfert Maxtor 40\Program Files\Skype\Phone\Skype.exe

O87 - FAEL: "{85F2B4E0-BE34-464E-BD64-9DFAF7992C06}" | In - Public - P6 - TRUE | .(.Pas de propriétaire - Printer Communication System.) -- C:\Windows\System32\lxczcoms.exe

O87 - FAEL: "{5EE0A869-F39A-4A51-BC30-B52EC5E90D2D}" | In - Public - P17 - TRUE | .(.Pas de propriétaire - Printer Communication System.) -- C:\Windows\System32\lxczcoms.exe

O87 - FAEL: "{0CD477EB-35FC-4CBC-AE40-B8B48BFB7926}" | In - Public - P6 - TRUE | .(.Lexmark International Inc. - Print Status Window Interface.) -- C:\Windows\System32\spool\drivers\w32x86\3\lxczpswx.exe

O87 - FAEL: "{50039E21-6C63-470B-A315-06DC30B35FF5}" | In - Public - P17 - TRUE | .(.Lexmark International Inc. - Print Status Window Interface.) -- C:\Windows\System32\spool\drivers\w32x86\3\lxczpswx.exe

O87 - FAEL: "TCP Query User{EA5B2A1A-BD1F-44CE-9E9F-19B45DFF85B5}C:\program files\encyclopaedia universalis 2011\encyclopaedia universalis 2011\universalis2011.exe" | In - Public - P6 - TRUE | .(...) -- C:\program files\encyclopaedia universalis 2011\enc

O87 - FAEL: "UDP Query User{CE846682-1F86-43DD-991E-ABE0C93AD195}C:\program files\encyclopaedia universalis 2011\encyclopaedia universalis 2011\universalis2011.exe" | In - Public - P17 - TRUE | .(...) -- C:\program files\encyclopaedia universalis 2011\en

O87 - FAEL: "{DD92BD18-D3E7-4E75-AB30-9D916C105957}" | In - Public - P6 - FALSE | .(.NVIDIA Corporation - NVIDIA Settings Update Manager.) -- C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe

O87 - FAEL: "{4CDFEDB3-AA1F-40D4-AC2D-811E9236872F}" | In - Public - P17 - FALSE | .(.NVIDIA Corporation - NVIDIA Settings Update Manager.) -- C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe

O87 - FAEL: "TCP Query User{503EEEC5-0B8A-441B-9BA5-DE0125ED9033}C:\wamp\bin\apache\apache2.2.17\bin\httpd.exe" | In - Public - P6 - TRUE | .(.Apache Software Foundation - Apache HTTP Server.) -- C:\wamp\bin\apache\apache2.2.17\bin\httpd.exe

O87 - FAEL: "UDP Query User{88592D76-35CC-4E44-83EE-81E26B50BF31}C:\wamp\bin\apache\apache2.2.17\bin\httpd.exe" | In - Public - P17 - TRUE | .(.Apache Software Foundation - Apache HTTP Server.) -- C:\wamp\bin\apache\apache2.2.17\bin\httpd.exe

O87 - FAEL: "{DE960D2D-6357-4D86-8583-A871A6FF8262}" | In - None - P17 - TRUE | .(.CyberLink Corp. - PowerDirector.) -- C:\Program Files\CyberLink\PowerDirector\PDR9.exe

~ Scan Firewall in 00mn 01s

 

 

 

---\\ Scan Additionnel (O88)

Database Version : 8614 - (09/08/2011)

Clés trouvées (Keys found) : 26

Valeurs trouvées (Values found) : 0

Dossiers trouvés (Folders found) : 8

Fichiers trouvés (Files found) : 0

 

[HKLM\Software\Classes\AppID\GenericAskToolbar.DLL] =>Toolbar.AskSBar

[HKLM\Software\Classes\Toolbar.CT1561552] =>Toolbar.Agent

[HKLM\Software\Classes\Interface\{4c07ea4f-5f52-4222-b170-4cd9ed33baea}] =>Adware.BHO

[HKLM\Software\Classes\AppID\{9B0CB95C-933A-4B8C-B6D4-EDCD19A43874}] =>Toolbar.AskSBar

[HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}] =>Toolbar.AskSBar

[HKLM\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}] =>Toolbar.AskSBar

[HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}] =>Toolbar.Conduit

[HKLM\Software\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}] =>Toolbar.Conduit

[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{b0de3308-5d5a-470d-81b9-634fc078393b}] =>Adware.BHO

[HKLM\Software\Classes\CLSID\{b0de3308-5d5a-470d-81b9-634fc078393b}] =>Adware.BHO

[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{c95a4e8e-816d-4655-8c79-d736da1adb6d}] =>Toolbar.Conduit

[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{c95a4e8e-816d-4655-8c79-d736da1adb6d}] =>Toolbar.Conduit

[HKLM\Software\Classes\CLSID\{c95a4e8e-816d-4655-8c79-d736da1adb6d}] =>Toolbar.Conduit

[HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{c95a4e8e-816d-4655-8c79-d736da1adb6d}] =>Toolbar.Conduit

[HKLM\Software\Classes\Interface\{f131923c-381d-4e4c-a472-4a17118fd742}] =>Adware.BHO

[HKLM\Software\Classes\Installer\Products\A28B4D68DEBAA244EB686953B7074FEF] =>Toolbar.AskSBar

[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\A28B4D68DEBAA244EB686953B7074FEF] =>Toolbar.AskSBar

[HKLM\SYSTEM\CurrentControlSet\Services\HssSrv] =>Toolbar.Agent

[HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\HssSrv] =>Toolbar.Agent

[HKCU\Software\AppDataLow\Software\AskToolbar] =>Toolbar.AskTBar

[HKCU\Software\AppDataLow\Software\Conduit] =>Toolbar.Conduit

[HKLM\Software\Conduit] =>Toolbar.Conduit

[HKCU\Software\HotspotShield] =>Toolbar.Conduit

[HKLM\Software\HotspotShield] =>Toolbar.Conduit

[HKCU\Software\AppDataLow\Toolbar] =>Toolbar.Conduit

C:\Program Files\Babylon =>Toolbar.Babylon

C:\Program Files\Conduit =>Toolbar.Conduit

C:\Program Files\Hotspot Shield =>Toolbar.Conduit

C:\ProgramData\hssff =>Toolbar.Conduit

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Hotspot Shield =>Toolbar.Conduit

C:\Users\Patouche\AppData\LocalLow\AskToolbar =>Toolbar.AskTBar

C:\Users\Patouche\AppData\LocalLow\Conduit =>Toolbar.Conduit

C:\Users\Patouche\AppData\Roaming\Mozilla\Firefox\Profiles\pycqkpj7.default\Extensions\engine@conduit.com =>Toolbar.Conduit

~ Scan Additionnel in 00mn 10s

 

 

 

---\\ Recherche détournement de DNS routeur (O89)

Serveur : UnKnown

Address: 10.71.0.1

Nom : www.l.google.com

Addresses: 209.85.148.103

209.85.148.104

209.85.148.105

209.85.148.106

209.85.148.147

209.85.148.99

Aliases: www.google.fr

www.google.com

~ Scan DNS in 00mn 02s

 

 

 

---\\ Etat général des services non Microsoft (EGS) (SR=Running, SS=Stopped)

SS - | Disabled 07/08/2011 554264 | (AcrSch2Svc) . (.Acronis.) - C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe

SR - | Auto 07/08/2011 64952 | (AdobeARMservice) . (.Adobe Systems Incorporated.) - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe

SR - | Auto 07/08/2011 390872 | (cFosSpeedS) . (.cFos Software GmbH.) - C:\Program Files\cFosSpeed\spd.exe

SR - | Auto 07/08/2011 1793712 | C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe (cmdAgent) . (.COMODO.) - C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe

SS - | Auto 07/08/2011 183280 | (gusvc) . (.Google.) - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

SR - | Auto 07/08/2011 298824 | (hshld) . (...) - C:\Program Files\Hotspot Shield\bin\openvpnas.exe

SR - | Auto 07/08/2011 363336 | (HssSrv) . (.AnchorFree Inc..) - C:\Program Files\Hotspot Shield\HssWPR\hsssrv.exe

SS - | Demand 07/08/2011 63976 | (HssTrayService) . (...) - C:\Program Files\Hotspot Shield\bin\HssTrayService.exe

SR - | Auto 07/08/2011 329544 | (HssWd) . (...) - C:\Program Files\Hotspot Shield\bin\hsswd.exe

SS - | Demand 07/08/2011 69632 | (IDriverT) . (.Macrovision Corporation.) - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

SR - | Auto 07/08/2011 537520 | (lxcz_device) . (...) - C:\Windows\system32\lxczcoms.exe

SS - | Demand 07/08/2011 65536 | (NMSAccessU) . (...) - C:\Program Files\Common Files\NMSAccessU.exe

SR - | Auto 07/08/2011 615528 | (NVSvc) . (.NVIDIA Corporation.) - C:\Windows\system32\nvvsvc.exe

SR - | Auto 07/08/2011 2214504 | (nvUpdatusService) . (.NVIDIA Corporation.) - C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe

SR - | Auto 07/08/2011 66560 | (SbieSvc) . (.tzuk.) - C:\Program Files\Sandboxie\SbieSvc.exe

SR - | Auto 07/08/2011 275968 | (StarWindServiceAE) . (.Rocket Division Software.) - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe

SR - | Auto 07/08/2011 378472 | (Stereo Service) . (.NVIDIA Corporation.) - C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe

SS - | Demand 07/08/2011 517096 | (SwitchBoard) . (.Adobe Systems Incorporated.) - C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe

SS - | Demand 07/08/2011 362240 | C:\Windows\System32\TuneUpDefragService.exe (TuneUp.Defrag) . (.TuneUp Software.) - C:\Windows\System32\TuneUpDefragService.exe

SR - | Auto 07/08/2011 603904 | C:\Windows\System32\TUProgSt.exe (TuneUp.ProgramStatisticsSvc) . (.TuneUp Software.) - C:\Windows\System32\TUProgSt.exe

SR - | Auto 07/08/2011 21504 | C:\Windows\System32\uxtuneup.dll (UxTuneUp) . (.TuneUp Software.) - C:\Windows\System32\svchost.exe

SS - | Demand 07/08/2011 20549 | (wampapache) . (.Apache Software Foundation.) - c:\wamp\bin\apache\apache2.2.17\bin\httpd.exe

SS - | Demand 07/08/2011 8133120 | (wampmysqld) . (...) - c:\wamp\bin\mysql\mysql5.5.8\bin\mysqld.exe

SR - | Auto 07/08/2011 21504 | C:\Windows\system32\wuaueng.dll (wuauserv) . (.Microsoft Corporation.) - C:\Windows\system32\svchost.exe

SR - | Auto 07/08/2011 20480 | (x10nets) . (.X10.) - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe

~ Scan Services in 00mn 03s

 

 

 

---\\ Recherche Master Boot Record Infection (MBR)(O80)

Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, GMER - Rootkit Detector and Remover

Run by Patouche at 11/08/2011 10:56:24

 

device: opened successfully

user: MBR read successfully

 

Disk trace:

called modules: ntoskrnl.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll >>UNKNOWN [0x85C291F8]<<

1 nt!IofCallDriver[0x82C5411B] -> \Device\Harddisk0\DR0[0x85DBD460]

3 CLASSPNP[0x8B3948B3] -> nt!IofCallDriver[0x82C5411B] -> [0x85CFCCD8]

5 acpi[0x8AF7C6BC] -> nt!IofCallDriver[0x82C5411B] -> \Device\Ide\IdeDeviceP2T0L0-3[0x85C5C3A0]

\Driver\atapi[0x85C93030] -> IRP_MJ_CREATE -> 0x85C291F8

kernel: MBR read successfully

detected disk devices:

detected hooks:

\Driver\atapi -> 0x85c291f8

user & kernel MBR OK

Warning: possible MBR rootkit infection !

~ Scan MBR in 00mn 07s

 

 

 

---\\ Recherche Master Boot Record Infection (MBRCheck)(O80)

Written by ad13, http://ad13.geekstog

Run by Patouche at 11/08/2011 10:56:26

 

********* Dump file Name *********

C:\PhysicalDisk0_MBR.bin

~ Scan MBR in 00mn 09s

 

 

 

End of the scan (1610 lines in 02mn 03s)(0)

 

 

 

ComboFix 11-08-07.03 - Patouche 11/08/2011 9:19.9.2 - x86 MINIMAL

Microsoft® Windows Vista™ Édition Familiale Premium 6.0.6002.2.1252.33.1036.18.3071.2546 [GMT 2:00]

Lancé depuis: C:\ComboFix.exe

AV: COMODO Antivirus *Enabled/Updated* {7554F4C5-5EC0-2FC6-8192-8DF831DBED51}

FW: COMODO Firewall *Enabled* {4D6F75E0-14AF-2E9E-AACD-24CDCF08AA2A}

SP: COMODO Defense+ *Enabled/Updated* {CE351521-78FA-2048-BB22-B68A4A5CA7EC}

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

* Un nouveau point de restauration a été créé

.

.

((((((((((((((((((((((((((((( Fichiers créés du 2011-07-11 au 2011-08-11 ))))))))))))))))))))))))))))))))))))

.

.

2011-08-11 07:28 . 2011-08-11 07:28 -------- d-----w- c:\users\Patouche\AppData\Local\temp

2011-08-11 07:28 . 2011-08-11 07:28 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp

2011-08-11 07:28 . 2011-08-11 07:28 -------- d-----w- c:\users\Default\AppData\Local\temp

2011-08-11 05:30 . 2011-08-11 05:46 -------- d-----w- c:\program files\RegTweaker

2011-08-10 08:54 . 2011-08-11 06:51 -------- d-----w- C:\ZHP

2011-08-10 08:26 . 2011-08-11 05:57 -------- d-----w- c:\program files\ZHPDiag

2011-08-08 17:50 . 2011-08-11 05:57 512 ----a-w- C:\PhysicalDisk0_MBR.bin

2011-08-08 16:30 . 2011-08-08 16:30 -------- d-----w- c:\program files\Common Files\Borland Shared

2011-08-08 16:30 . 1999-11-12 03:11 183808 ----a-w- c:\windows\system32\BDEADMIN.CPL

2011-08-08 16:30 . 1999-01-20 03:01 210032 ----a-w- c:\windows\system32\DBCLIENT.DLL

2011-08-08 16:30 . 2011-08-11 04:47 -------- d-----w- c:\program files\ZebHelpProcess

2011-08-08 04:29 . 2011-08-08 04:30 -------- d-----w- c:\program files\trend micro

2011-08-08 04:29 . 2011-08-08 04:30 -------- d-----w- C:\rsit

2011-08-04 19:28 . 2011-08-04 19:28 -------- d-----w- c:\users\Patouche\.swt

2011-08-02 19:43 . 2011-08-02 19:43 -------- d-----w- c:\programdata\hssff

2011-08-02 19:34 . 2011-08-02 19:34 -------- d-----w- c:\program files\Conduit

2011-08-02 19:34 . 2011-08-02 19:34 -------- d-----w- c:\program files\Hotspot_Shield

2011-08-02 19:33 . 2011-08-02 19:34 -------- d-----w- C:\Hotspot Shield

2011-08-02 19:32 . 2011-06-22 22:05 755016 ----a-w- c:\program files\Mozilla Firefox\extensions\afurladvisor@anchorfree.com\components\afurladvisor50.dll

2011-08-02 19:32 . 2011-08-02 19:34 -------- d-----w- c:\program files\Hotspot Shield

2011-08-02 19:32 . 2011-06-22 22:05 756552 ----a-w- c:\program files\Mozilla Firefox\extensions\afurladvisor@anchorfree.com\components\afurladvisor.dll

2011-07-31 13:24 . 2011-08-03 09:27 -------- d-----w- C:\My Works

2011-07-31 12:40 . 2011-08-06 15:35 -------- d-----w- c:\users\Patouche\binload

2011-07-30 21:31 . 2011-07-31 22:06 -------- d-----w- c:\programdata\SmartSound Software Inc

2011-07-30 21:31 . 2011-07-30 21:31 -------- d-----w- c:\programdata\eSellerate

2011-07-30 21:31 . 2011-07-30 21:31 -------- d-----w- c:\program files\SmartSound Software

2011-07-27 19:30 . 2011-08-04 05:31 -------- d-----w- c:\users\Patouche\AppData\Local\QuickPar

2011-07-27 19:28 . 2011-07-27 19:28 -------- d-----w- c:\program files\QuickPar

2011-07-27 06:10 . 2011-07-29 17:36 -------- d-----w- c:\users\Patouche\AppData\Roaming\vlc

2011-07-27 03:54 . 2011-08-04 19:34 -------- d-----w- c:\program files\Binload

2011-07-23 21:16 . 2011-07-28 04:07 -------- d-----w- c:\windows\Replay Video Capture

2011-07-23 21:16 . 2011-07-23 21:27 -------- d-----w- c:\program files\Replay Video Capture

2011-07-23 06:36 . 2011-07-23 07:10 -------- d-----w- c:\program files\Common Files\Logitech

2011-07-22 08:12 . 2011-07-22 08:12 -------- d-----w- c:\users\Patouche\AppData\Roaming\Hensense.com

2011-07-21 04:11 . 2011-07-21 04:11 -------- d-----w- c:\users\Public\Roaming

2011-07-20 13:52 . 2011-07-29 08:26 -------- d-----w- C:\HotSpot SFR Reconnect auto

2011-07-17 14:02 . 2011-07-17 14:02 -------- d-----w- c:\program files\Common Files\Apple

2011-07-17 14:02 . 2011-07-17 14:02 -------- d-----w- c:\users\Patouche\AppData\Local\Apple

2011-07-17 14:02 . 2011-07-17 14:02 -------- d-----w- c:\programdata\Apple

2011-07-17 14:02 . 2011-07-17 14:02 -------- d-----w- c:\program files\Apple Software Update

2011-07-17 13:40 . 2011-07-17 13:40 -------- d-----w- c:\windows\system32\Quark ShapeMaker Presets

2011-07-17 13:30 . 2011-07-17 13:30 -------- d-----w- c:\users\Patouche\AppData\Local\Apple Computer

2011-07-17 13:24 . 2011-07-17 13:24 -------- d-----w- c:\users\Patouche\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1

2011-07-17 13:23 . 2011-07-17 13:23 -------- d-----w- c:\users\Patouche\AppData\Roaming\com.adobe.DC3Module.AdobeADC

2011-07-17 13:01 . 2011-07-17 13:01 -------- d-----w- c:\users\Patouche\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1

2011-07-17 13:01 . 2011-07-17 13:01 -------- d-----w- c:\users\Patouche\AppData\Roaming\Adobe Mini Bridge CS5.1

2011-07-17 10:59 . 2011-07-18 12:16 -------- d-----w- c:\programdata\regid.1986-12.com.adobe

2011-07-17 09:54 . 2011-07-17 09:54 -------- d-----w- c:\users\Patouche\AppData\Roaming\Apple Computer

2011-07-17 09:48 . 2011-07-17 09:48 -------- d-----w- c:\users\Patouche\AppData\Roaming\Quark

2011-07-17 09:45 . 2011-07-17 09:45 -------- d-----w- c:\windows\system32\QuickTime

2011-07-17 09:44 . 2011-07-17 09:44 -------- d-----w- c:\programdata\Quark

2011-07-17 09:44 . 2011-07-17 09:44 -------- d-----w- C:\Program Files (x86)

2011-07-17 09:37 . 2011-07-17 14:05 -------- d-----w- c:\program files\QuickTime

2011-07-17 09:36 . 2011-07-17 14:05 -------- d-----w- c:\programdata\Apple Computer

2011-07-17 06:35 . 2011-07-17 06:35 3584 ----a-r- c:\users\Patouche\AppData\Roaming\Microsoft\Installer\{121634B0-2F4B-11D3-ADA3-00C04F52DD52}\Icon386ED4E3.exe

2011-07-17 06:35 . 2011-07-17 06:35 -------- d-----w- c:\program files\Windows Installer Clean Up

2011-07-17 06:34 . 2011-07-17 06:38 -------- d-----w- c:\program files\MSECACHE

2011-07-13 15:20 . 2011-06-02 13:34 2043392 ----a-w- c:\windows\system32\win32k.sys

2011-07-13 15:20 . 2011-04-20 15:55 375808 ----a-w- c:\windows\system32\winsrv.dll

2011-07-13 15:20 . 2011-04-20 15:50 49152 ----a-w- c:\windows\system32\csrsrv.dll

2011-07-12 20:33 . 2011-07-12 20:33 -------- d-----w- c:\program files\HFSExplorer

.

.

.

(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))

.

2011-07-09 18:02 . 2011-07-09 18:02 78096 ----a-r- c:\users\Patouche\AppData\Roaming\Microsoft\Installer\{FE74C184-4939-4FFA-B8C9-8E0CD6A6AA57}\ARPPRODUCTICON.exe

2011-07-06 17:52 . 2009-07-27 06:26 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2011-07-06 17:52 . 2009-07-27 06:26 22712 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-06-30 08:37 . 2010-03-03 15:53 82400 ----a-w- c:\windows\system32\drivers\inspect.sys

2011-06-30 08:37 . 2010-03-03 15:53 36568 ----a-w- c:\windows\system32\drivers\cmdhlp.sys

2011-06-30 08:37 . 2010-03-23 16:39 238960 ----a-w- c:\windows\system32\drivers\cmdGuard.sys

2011-06-30 08:37 . 2010-03-03 15:53 19088 ----a-w- c:\windows\system32\drivers\cmderd.sys

2011-06-30 08:37 . 2010-03-03 15:54 285256 ----a-w- c:\windows\system32\guard32.dll

2011-06-22 14:30 . 2011-05-16 18:46 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2011-06-06 19:55 . 2011-06-06 19:55 47512 ----a-w- c:\windows\system32\AdobePDF.dll

2011-06-06 19:55 . 2011-06-06 19:55 22936 ----a-w- c:\windows\system32\AdobePDFUI.dll

2011-05-24 23:40 . 2011-05-24 23:40 37376 ----a-w- c:\windows\system32\drivers\HssDrv.sys

2011-05-24 17:14 . 2009-10-03 14:15 222080 ------w- c:\windows\system32\MpSigStub.exe

2011-05-21 04:01 . 2011-05-21 04:01 899688 ----a-w- c:\windows\system32\nvdispco3220150.dll

2011-05-21 04:01 . 2011-05-21 04:01 865896 ----a-w- c:\windows\system32\nvgenco322090.dll

2011-05-21 04:01 . 2011-05-21 04:01 57960 ----a-w- c:\windows\system32\OpenCL.dll

2011-05-21 04:01 . 2011-05-21 04:01 5301352 ----a-w- c:\windows\system32\nvcuda.dll

2011-05-21 04:01 . 2011-05-21 04:01 2804328 ----a-w- c:\windows\system32\nvcuvid.dll

2011-05-21 04:01 . 2011-05-21 04:01 2082408 ----a-w- c:\windows\system32\nvcuvenc.dll

2011-05-21 04:01 . 2011-05-21 04:01 16456296 ----a-w- c:\windows\system32\nvoglv32.dll

2011-05-21 04:01 . 2011-05-21 04:01 13011560 ----a-w- c:\windows\system32\nvcompiler.dll

2011-05-21 04:01 . 2011-05-21 04:01 12392 ----a-w- c:\windows\system32\drivers\nvBridge.kmd

2011-05-21 04:01 . 2011-05-21 04:01 10589800 ----a-w- c:\windows\system32\drivers\nvlddmkm.sys

2011-05-21 04:01 . 2011-05-08 07:54 6555240 ----a-w- c:\windows\system32\nvwgf2um.dll

2011-05-21 04:01 . 2011-05-08 07:54 2335848 ----a-w- c:\windows\system32\nvapi.dll

2011-05-21 04:01 . 2011-05-08 07:54 11992680 ----a-w- c:\windows\system32\nvd3dum.dll

2011-05-21 04:01 . 2011-04-07 20:43 543336 ----a-w- c:\windows\system32\easyUpdatusAPIU.dll

2011-05-21 04:01 . 2011-04-07 20:43 615528 ----a-w- c:\windows\system32\nvvsvc.exe

2011-05-21 04:01 . 2011-04-07 20:43 2560616 ----a-w- c:\windows\system32\nvsvcr.dll

2011-05-21 04:01 . 2011-04-07 20:43 111208 ----a-w- c:\windows\system32\nvmctray.dll

2011-05-21 04:01 . 2011-04-07 20:43 3693672 ----a-w- c:\windows\system32\nvcpl.dll

2011-05-21 04:01 . 2011-04-07 20:43 2557544 ----a-w- c:\windows\system32\nvsvc.dll

2011-05-21 04:01 . 2010-10-08 00:03 66664 ----a-w- c:\windows\system32\nvshext.dll

2007-01-25 01:52 . 2007-01-25 01:52 65536 ----a-w- c:\program files\Common Files\NMSAccessU.exe

2011-06-23 08:26 . 2011-04-15 10:35 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll

.

.

((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

REGEDIT4

.

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]

"{c95a4e8e-816d-4655-8c79-d736da1adb6d}"= "c:\program files\Hotspot_Shield\tbHots.dll" [2009-12-31 2349080]

.

[HKEY_CLASSES_ROOT\clsid\{c95a4e8e-816d-4655-8c79-d736da1adb6d}]

.

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{c95a4e8e-816d-4655-8c79-d736da1adb6d}]

2009-12-31 09:53 2349080 ----a-w- c:\program files\Hotspot_Shield\tbHots.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

"{c95a4e8e-816d-4655-8c79-d736da1adb6d}"= "c:\program files\Hotspot_Shield\tbHots.dll" [2009-12-31 2349080]

.

[HKEY_CLASSES_ROOT\clsid\{c95a4e8e-816d-4655-8c79-d736da1adb6d}]

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SandboxieControl"="c:\program files\Sandboxie\SbieCtrl.exe" [2009-12-01 389120]

"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"RtHDVCpl"="RtHDVCpl.exe" [2007-11-14 4706304]

"COMODO Internet Security"="c:\program files\COMODO\COMODO Internet Security\cfp.exe" [2011-06-30 2554696]

"lxczbmgr.exe"="c:\program files\Lexmark 1200 Series\lxczbmgr.exe" [2007-04-19 74672]

"cFosSpeed"="c:\program files\cFosSpeed\cFosSpeed.exe" [2009-03-17 881368]

.

c:\users\Patouche\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

MagicDisc.lnk - c:\program files\MagicDisc\MagicDisc.exe [2008-9-28 575488]

nwr_2-1-5.jar - Raccourci.lnk - c:\users\Patouche\Logiciels vrac\nwr WiFi HotSpot reconnect neuf sfr\nwr_2-1-5.jar [2011-7-29 110059]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"EnableLUA"= 0 (0x0)

"EnableUIADesktopToggle"= 0 (0x0)

.

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]

"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]

2009-09-21 06:20 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]

"AppInit_DLLs"=c:\windows\System32\guard32.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"wave"=DrvTrNTm.dll

"mixer"=DrvTrNTm.dll

"aux5"=wdmaud.drv

.

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^PalTalk.lnk]

backupExtension=.CommonStartup

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Assistant 8.0]

2011-06-06 19:55 2903448 ----a-w- c:\program files\Adobe\Acrobat 10.0\Acrobat\acrotray.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Acrobat Speed Launcher]

2011-06-06 19:55 36760 ----a-w- c:\program files\Adobe\Acrobat 10.0\Acrobat\acrobat_sl.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]

2011-06-06 10:55 937920 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]

2011-05-27 12:52 40368 ----a-w- c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PDF5 Registry Controller]

2008-12-13 01:27 58656 ----a-w- c:\program files\Nuance\PDF Create 5\RegistryController.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PDFHook]

2009-04-10 07:52 1277952 ----a-w- c:\program files\Nuance\PDF Create 5\PdfCreate5Hook.exe

.

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]

"ehTray.exe"=c:\windows\ehome\ehTray.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]

"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe"

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

"AdobeCS5.5ServiceManager"="c:\program files\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin

"AdobeAAMUpdater-1.0"="c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"

"Nuance OmniPage 17-reminder"="c:\program files\Nuance\OmniPage17\Ereg\Ereg.exe" -r "c:\programdata\ScanSoft\OmniPage 17\Ereg\Ereg.ini"

"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" -atboottime

"Adobe Acrobat Speed Launcher"="c:\program files\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe"

"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

"Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe"

"SwitchBoard"=c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe

.

R1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\DRIVERS\cmdguard.sys [2011-06-30 238960]

R1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\DRIVERS\cmdhlp.sys [2011-06-30 36568]

R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2009-04-04 9968]

R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.sys [2009-09-21 74480]

R2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]

R2 hshld;Hotspot Shield Service;c:\program files\Hotspot Shield\bin\openvpnas.exe [2011-07-01 298824]

R2 HssWd;Hotspot Shield Monitoring Service;c:\program files\Hotspot Shield\bin\hsswd.exe [2011-05-25 329544]

R2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-05-21 2214504]

R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-04-07 378472]

R3 3xHybrid;Philips SAA713x PCI Card;c:\windows\system32\DRIVERS\3xHybrid.sys [2008-01-08 1302368]

R3 epmntdrv;epmntdrv;c:\windows\system32\epmntdrv.sys [2011-03-24 14216]

R3 EuGdiDrv;EuGdiDrv;c:\windows\system32\EuGdiDrv.sys [2011-03-24 8456]

R3 netr28u;RT2870 USB Wireless LAN Card Driver for Vista;c:\windows\system32\DRIVERS\netr28u.sys [2007-09-21 554496]

R3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32v.sys [2011-03-03 139368]

R3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [2008-11-17 7408]

R3 SCREAMINGBDRIVER;Screaming Bee Audio;c:\windows\system32\drivers\ScreamingBAudio.sys [x]

R3 SwitchBoard;SwitchBoard;c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]

R3 TotRec7;Total Recorder WDM audio driver;c:\windows\system32\drivers\TotRec7.sys [2008-04-16 120472]

R3 WPFFontCache_v0400;Cache de police de Windows Presentation Foundation 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]

S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2009-07-05 717296]

S0 tdrpman147;Acronis Try&Decide and Restore Points filter (build 147);c:\windows\system32\DRIVERS\tdrpm147.sys [2009-01-13 971232]

S1 cmderd;COMODO Internet Security Eradication Driver;c:\windows\system32\DRIVERS\cmderd.sys [2011-06-30 19088]

S3 X10Hid;X10 Hid Device;c:\windows\system32\Drivers\x10hid.sys [2006-11-17 13976]

.

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache

.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs

UxTuneUp

.

Contenu du dossier 'Tâches planifiées'

.

2011-08-11 c:\windows\Tasks\Google Software Updater.job

- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-01-28 10:45]

.

.

------- Examen supplémentaire -------

.

mSearch Bar = hxxp://www.google.com/ie

uInternet Settings,ProxyServer = 204.73.37.113:80

IE: Ajouter au fichier PDF existant - c:\program files\Nuance\PDF Create 5\Bin\ZeonIEFavClient.dll/ZeonIEAppend.HTML

IE: Ajouter le contenu des liens sélectionnés à un fichier PDF existant - c:\program files\Nuance\PDF Create 5\Bin\ZeonIEFavClient.dll/ZeonIEAppendSelLinks.HTML

IE: Ajouter le contenu du lien à un fichier PDF existant - c:\program files\Nuance\PDF Create 5\Bin\ZeonIEFavClient.dll/ZeonIEAppend.HTML

IE: Créer des fichiers PDF à partir des liens sélectionnés - c:\program files\Nuance\PDF Create 5\Bin\ZeonIEFavClient.dll/ZeonIECaptureSelLinks.HTML

IE: Créer fichier PDF - c:\program files\Nuance\PDF Create 5\Bin\ZeonIEFavClient.dll/ZeonIECapture.HTML

IE: Créer un fichier PDF depuis le contenu du lien - c:\program files\Nuance\PDF Create 5\Bin\ZeonIEFavClient.dll/ZeonIECapture.HTML

IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000

IE: Tout télécharger avec Free Download Manager - file://c:\program files\Free Download Manager\dlall.htm

IE: Télécharger avec Free Download Manager - file://c:\program files\Free Download Manager\dllink.htm

IE: Télécharger la sélection avec Free Download Manager - file://c:\program files\Free Download Manager\dlselected.htm

IE: Télécharger la vidéo avec Free Download Manager - file://c:\program files\Free Download Manager\dlfvideo.htm

TCP: DhcpNameServer = 109.0.66.10 109.0.66.20

FF - ProfilePath - c:\users\Patouche\AppData\Roaming\Mozilla\Firefox\Profiles\pycqkpj7.default\

FF - user.js: network.http.max-connections-per-server - 6

FF - user.js: network.http.max-persistent-connections-per-server - 3

FF - user.js: nglayout.initialpaint.delay - 750

FF - user.js: content.notify.interval - 750000

FF - user.js: content.max.tokenizing.time - 2250000

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover

Rootkit scan 2011-08-11 09:28

Windows 6.0.6002 Service Pack 2 NTFS

.

Recherche de processus cachés ...

.

Recherche d'éléments en démarrage automatique cachés ...

.

Recherche de fichiers cachés ...

.

Scan terminé avec succès

Fichiers cachés: 0

.

**************************************************************************

.

--------------------- CLES DE REGISTRE BLOQUEES ---------------------

.

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.htm\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="FirefoxHTML"

.

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.html\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="FirefoxHTML"

.

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.shtml\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="FirefoxHTML"

.

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xht\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="FirefoxHTML"

.

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xhtml\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="FirefoxHTML"

.

Heure de fin: 2011-08-11 09:31:25

ComboFix-quarantined-files.txt 2011-08-11 07:31

ComboFix2.txt 2011-08-10 18:11

ComboFix3.txt 2011-08-10 10:04

ComboFix4.txt 2011-08-10 09:42

ComboFix5.txt 2011-08-11 07:18

.

Avant-CF: 151 597 215 744 octets libres

Après-CF: 151 479 582 720 octets libres

.

- - End Of File - - 3F8903AE111012FDCD314023E6A4AFB4

[pear]

Bonjour,

 

Télécharger aswMBR.exe sur le bureau

Double clic sur l'icône

Puis Scan

 

Le scan fini, cliquer sur "SAVE LOG" et sauvegarder le fichier sur le Bureau,

Copier/Coller le contenu dans la réponse.

 

Un fichier "MBR.dat" apparait sur le Bureau.

Faites clic droit -> Envoyer vers- > "Dossier compressé".

Conserver ce fichier MBR.zip sur clé Usb

 

 

Nettoyage

Relancer aswMBR.exe

Click [scan]

A l'issue du scan

Clic sur [Fix] pour TDL4 (MBRoot)

Clic sur [FixMBR] pour Whistler

 

 

 

Spybot, totalement obsolète, comme Ad_Aware, va être désinstallé.Vous pourrez utiliser Mbam pour le remplacer.

Auparavant, vous devez faire ceci, avant de lancer Zhpfix:

Pour désactiver TeaTimer qui ne sert à rien et peut faire échouer une désinfection:!

Sous Vista, exécuter avec privilèges Administrateur

Afficher d'abord le Mode Avancé dans SpyBot

->Options Avancées :

- >menu Mode, Mode Avancé.

Une colonne de menus apparaît dans la partie gauche :

- >cliquer sur Outils,

- >cliquer sur Résident,

Dans Résident :

- >décocher Résident "TeaTimer" pour le désactiver.

Effacer le contenu du dossier Snapshots(le contenu de snapshots, pas le fichier snapshots) , sous XP :

C:\Documents and Settings\All Users\Application Data\Spybot - Search &Destroy\Snapshots

Et sous Vista :

C:\ProgramData\Spybot - Search & Destroy\Snapshots

 

Cliquer sur l'icône Zhpfix qui est sur votre bureau

Sous Vista/7 clic-droit, "Exécuter En tant qu'Administrateur

Copiez/Collez les lignes vertes dans le cadre ci dessous:

 

[HKCU\Software\C:] => Trojan Remover

O43 - CFD: 19/02/2009 - 01:43:28 - [0] ----D- C:\Program Files\Babylon => Infection BT (Toolbar.Babylon)

[HKLM\Software\Classes\Interface\{4c07ea4f-5f52-4222-b170-4cd9ed33baea}] => Infection BT (Adware.BHO)

[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{b0de3308-5d5a-470d-81b9-634fc078393b}] => Infection BT

[HKLM\Software\Classes\CLSID\{b0de3308-5d5a-470d-81b9-634fc078393b}] => Infection BT

[HKLM\Software\Classes\Interface\{f131923c-381d-4e4c-a472-4a17118fd742}] => Infection BT (Adware.BHO)

C:\Program Files\Babylon => Infection BT (Toolbar.Babylon)

O4 - Global Startup: C:\Users\Patouche\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\paltalk.exe - Raccourci.lnk . (.AVM Software Inc..) -- C:\Program Files\Paltalk Messenger\paltalk.exe

O9 - Extra button: &Envoyer à OneNote - {4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} . (.AVM Software Inc. - PaltalkScene.) -- C:\Program Files\Paltalk Messenger\Paltalk.exe

O9 - Extra button: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} . (.AVM Software Inc. - PaltalkScene.) -- C:\Program Files\Paltalk Messenger\Paltalk.exe

[MD5.00000000000000000000000000000000] [APT] [{094B910C-CC8B-4FB2-ABFD-4336C5DFBB9F}] (...) -- C:\Users\Patouche\Logiciels vrac\FreeRapid-0.83u1\frd.exe (.not file.) => Fichier absent

[MD5.00000000000000000000000000000000] [APT] [{24E6F6C5-4BD8-4BFA-A1E4-F61FE7DE84B1}] (...) -- C:\Program Files\Cepstral\bin\ceptools.cpl" (.not file.) => Fichier absent

[MD5.00000000000000000000000000000000] [APT] [{3EF3CCB3-DD96-4699-B35D-2C5E220C18E7}] (...) -- C:\Users\Patouche\Desktop\Voix\AV Music Morpher Gold Full 4.0.68 + keygen\music_morpher_gold.exe (.not file.) => Crack, KeyGen, Keymaker - Possible Malware

[MD5.00000000000000000000000000000000] [APT] [{48631814-5C7F-4619-94C0-90BAEAF8CE19}] (...) -- c:\users\Patouche\Documents\Transfert Maxtor 40\Documents Pounet\Bureau\Tof\Install_AACD_v3.exe (.not file.) => Fichier absent

[MD5.00000000000000000000000000000000] [APT] [{BC3EC294-1DD7-4F82-9523-21FF037ACA8B}] (...) -- C:\Users\Patouche\Desktop\Voix\AV Music Morpher Gold Full 4.0.68 + keygen\music_morpher_gold.exe (.not file.) => Crack, KeyGen, Keymaker - Possible Malware

O42 - Logiciel: MeuhMeuhTV Alpha 3.0.0.32 - (.La Communauté de la Vache.) [HKLM] -- MeuhMeuhTV Alpha_is1

O42 - Logiciel: Spybot - Search & Destroy - (.Safer Networking Limited.) [HKLM] -- {B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1 => Safer Networking Limited Spybot - S&D

[HKLM\Software\MeuhMeuhTV]

O43 - CFD: 23/01/2010 - 19:14:02 - [8204356] ----D- C:\Program Files\MeuhMeuhTV Alpha

O43 - CFD: 29/11/2009 - 17:46:26 - [82517518] ----D- C:\Program Files\Spybot - Search & Destroy => Spybot - Search & Destroy

O43 - CFD: 18/07/2011 - 14:16:48 - [3420] ----D- C:\ProgramData\regid.1986-12.com.adobe

O43 - CFD: 08/08/2011 - 17:59:46 - [7437831] ----D- C:\ProgramData\Spybot - Search & Destroy => Spybot - Search & Destroy

O43 - CFD: 22/01/2010 - 20:08:20 - [16393] ----D- C:\Users\Patouche\AppData\Roaming\MeuhMeuhTV

O58 - SDL:[MD5.4F28652EC514FA1BA473BC1A695A5C98] - 02/08/2011 - 00:40:12 ---A- . (.AnchorFree Inc. - Hotspot Shield Routing Driver.) -- C:\Windows\system32\drivers\HssDrv.sys [37376]

O87 - FAEL: "TCP Query User{6E8227A8-D9F4-4E13-9640-F0A442F51C1E}C:\program files\paltalk messenger\paltalk.exe" | In - Public - P6 - TRUE | .(.AVM Software Inc. - PaltalkScene.) -- C:\program files\paltalk messenger\paltalk.exe

O87 - FAEL: "UDP Query User{8F2C6B48-8A66-4DC5-A933-BE4781664F33}C:\program files\paltalk messenger\paltalk.exe" | In - Public - P17 - TRUE | .(.AVM Software Inc. - PaltalkScene.) -- C:\program files\paltalk messenger\paltalk.exe

[MD5.2CFEA9C337B699ACA38487E8A7438F35] - (.AnchorFree Inc. - Pas de description.) -- C:\Program Files\Hotspot Shield\HssWPR\hsssrv.exe [363336]

M2 - MFEP: prefs.js [Patouche - pycqkpj7.default\engine@conduit.com] [] Conduit Engine v3.3.3.2 (.Conduit Ltd..) => Toolbar.Conduit

R3 - URLSearchHook: Hotspot Shield Toolbar - {c95a4e8e-816d-4655-8c79-d736da1adb6d} . (.Conduit Ltd. - Conduit Toolbar.) (5, 3, 4, 2) -- C:\Program Files\Hotspot_Shield\tbHots.dll

R3 - URLSearchHook: Hotspot Shield Toolbar - {c95a4e8e-816d-4655-8c79-d736da1adb6d} . (.Conduit Ltd. - Conduit Toolbar.) (5, 3, 4, 2) -- C:\Program Files\Hotspot_Shield\tbHots.dll

O2 - BHO: Hotspot Shield Toolbar - {c95a4e8e-816d-4655-8c79-d736da1adb6d} . (.Conduit Ltd. - Conduit Toolbar.) -- C:\Program Files\Hotspot_Shield\tbHots.dll

O3 - Toolbar: Hotspot Shield Toolbar - {c95a4e8e-816d-4655-8c79-d736da1adb6d} . (.Conduit Ltd. - Conduit Toolbar.) -- C:\Program Files\Hotspot_Shield\tbHots.dll

O23 - Service: Hotspot Shield Routing Service (HssSrv) . (.AnchorFree Inc. - Pas de description.) - C:\Program Files\Hotspot Shield\HssWPR\hsssrv.exe

O42 - Logiciel: Hotspot_Shield Toolbar - (.Pas de propriétaire.) [HKLM] -- Hotspot_Shield Toolbar => Toolbar.Conduit

[HKCU\Software\AppDataLow\Software\AskToolbar] => Toolbar.Ask

[HKCU\Software\AppDataLow\Software\Conduit] => Toolbar.Conduit

[HKCU\Software\AppDataLow\Software\Hotspot_Shield]

[HKCU\Software\AppDataLow\Toolbar] => Toolbar.Conduit

[HKCU\Software\HotspotShield] => AnchorFree

[HKLM\Software\Conduit] => Toolbar.Conduit

[HKLM\Software\Hotspot_Shield]

O43 - CFD: 02/08/2011 - 21:34:12 - [520728] ----D- C:\Program Files\Conduit => Toolbar.Conduit

O43 - CFD: 02/08/2011 - 21:34:16 - [7392902] ----D- C:\Program Files\Hotspot Shield => Toolbar.Conduit

O43 - CFD: 02/08/2011 - 21:34:14 - [2549523] ----D- C:\Program Files\Hotspot_Shield

O43 - CFD: 02/08/2011 - 21:43:12 - [0] ----D- C:\ProgramData\hssff => Toolbar.Conduit

O69 - SBI: SearchScopes [HKCU] {afdbddaa-5d3f-42ee-b79c-185a7020515b} - (Hotspot Shield Customized Web Search) - http://search.conduit.com => Toolbar.Conduit

[HKLM\Software\Classes\AppID\GenericAskToolbar.DLL] => Toolbar.Ask

[HKLM\Software\Classes\Toolbar.CT1561552] => Toolbar.Agent

[HKLM\Software\Classes\AppID\{9B0CB95C-933A-4B8C-B6D4-EDCD19A43874}] => Toolbar.Ask

[HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}] => Toolbar.Ask

[HKLM\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}] => Toolbar.Ask

[HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}] => Toolbar.Conduit

[HKLM\Software\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}] => Toolbar.Conduit

[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{c95a4e8e-816d-4655-8c79-d736da1adb6d}] => Conduit/EffectiveBrand Hotspot Shield Toolbar

[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{c95a4e8e-816d-4655-8c79-d736da1adb6d}] => Conduit/EffectiveBrand Hotspot Shield Toolbar

[HKLM\Software\Classes\CLSID\{c95a4e8e-816d-4655-8c79-d736da1adb6d}] => Conduit/EffectiveBrand Hotspot Shield Toolbar

[HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{c95a4e8e-816d-4655-8c79-d736da1adb6d}] => Conduit/EffectiveBrand Hotspot Shield Toolbar

[HKLM\Software\Classes\Installer\Products\A28B4D68DEBAA244EB686953B7074FEF] => Toolbar.Ask

[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\A28B4D68DEBAA244EB686953B7074FEF] => Toolbar.Ask

[HKLM\SYSTEM\CurrentControlSet\Services\HssSrv] => Toolbar.Agent

[HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\HssSrv] => Toolbar.Agent

[HKCU\Software\AppDataLow\Software\AskToolbar] => Toolbar.Ask

[HKCU\Software\AppDataLow\Software\Conduit] => Toolbar.Conduit

[HKLM\Software\Conduit] => Toolbar.Conduit

[HKCU\Software\HotspotShield] => AnchorFree

[HKLM\Software\HotspotShield] => AnchorFree

[HKCU\Software\AppDataLow\Toolbar] => Toolbar.Conduit

C:\Program Files\Conduit => Toolbar.Conduit

C:\Program Files\Hotspot Shield => Toolbar.Conduit

C:\ProgramData\hssff => Toolbar.Conduit

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Hotspot Shield => Toolbar.Conduit

C:\Users\Patouche\AppData\LocalLow\AskToolbar => Toolbar.Ask

C:\Users\Patouche\AppData\LocalLow\Conduit => Toolbar.Conduit

C:\Users\Patouche\AppData\Roaming\Mozilla\Firefox\Profiles\pycqkpj7.default\Extensions\engine@conduit.com => Toolbar.Conduit

SR - | Auto 07/08/2011 363336 | (HssSrv) . (.AnchorFree Inc..) - C:\Program Files\Hotspot Shield\HssWPR\hsssrv.exe

 

 

 

 

Cliquez ensuite sur le H-

Cliquer sur "OK", ce qui fait apparaître un carré à gauche de chaque ligne.

Cliquer sur "Tous" puis sur "Nettoyer" .

Acceptez de Redémarrer pour achever le nettoyage.

Un rapport apparait:

Si le rapport n'apparait pas,cliquer sur

Copier-coller le rapport de suppression dans la prochaine réponse.